Commit Graph

9695 Commits

Author SHA1 Message Date
Osama Sayegh 5dbf812d32
DEV: Add site age and site activities section to the redesigned about page (#28214)
This commit continues on work laid out by 6039b513fe to redesign the /about page. In this commit, we add the site age and a section on the right hand side to show site activities/statistics such as topics, posts, sign-ups, likes etc.
2024-08-07 11:11:41 +03:00
Krzysztof Kotlarek fc2259d1c8
FIX: limit the number of custom flags to 50 (#28221)
Admin can create up to 50 custom flags. It is limited for performance reasons.

When the limit is reached "Add button" is disabled and backend is protected by guardian.
2024-08-06 10:50:12 +10:00
Alan Guo Xiang Tan 2492fe7715
FIX: Set sane default for `Net::HTTP` when processing a request (#28141)
This commit patches `Net::HTTP` to reduce the default timeouts of 60
seconds when we are processing a request. There are certain routes in
Discourse which makes external requests and if the proper timeouts are
not set, we risk having the Unicorn master process force restarting the
Unicorn workers once the `30` seconds timeout is reached. This can
potentially become a vector for DoS attacks and this commit is aimed at
reducing the risk here.
2024-08-06 07:12:42 +08:00
David Taylor 595c43c5e5
DEV: Enable glimmer header by default (#28222)
https://meta.discourse.org/t/316549
2024-08-05 12:08:52 +01:00
Krzysztof Kotlarek 300ef67481
UX: move admin flag form to form-kit (#28187)
Rewrite the admin flag form to use FormKit. This is a draft because waiting for Checkbox improvements.
2024-08-05 11:01:25 +10:00
Sérgio Saquetim 4167862a05
DEV: Catch transformer errors and improve warnings (#28205) 2024-08-02 15:58:13 -03:00
Blake Erickson 6ee6b1f1d1
DEV: Add validation for allowed iframes setting (#28178)
- Adds a validator for the allowed iframes site setting
- Adds a migration to update any values that don't pass the validator

Follow up to: 188cb58daa
2024-08-01 06:51:02 -06:00
Joffrey JAFFEUX 9383143bc6
FIX: system badges can be disabled (#28169)
A previous commit mistakenly assumed system badges couldn't be disabled.
2024-07-31 15:28:59 +02:00
Discourse Translator Bot 1e76fbe207
Update translations (#28146) 2024-07-31 00:14:19 +02:00
Natalie Tay 188cb58daa
SECURITY: Fixes for main (#28137)
* SECURITY: Update default allowed iframes list

Change the default iframe url list to all include 3 slashes.

* SECURITY: limit group tag's name length

Limit the size of a group tag's name to 100 characters.

Internal ref - t/130059

* SECURITY: Improve sanitization of SVGs in Onebox

---------

Co-authored-by: Blake Erickson <o.blakeerickson@gmail.com>
Co-authored-by: Régis Hanol <regis@hanol.fr>
Co-authored-by: David Taylor <david@taylorhq.com>
2024-07-30 14:19:01 +08:00
Martin Brennan 2d5f323ca3
DEV: Move config area site setting fetch into new controller (#28136)
Followup 4aea12fdcb

In certain config areas (like About) we want to be able
to fetch specific site settings by name. In this case,
sometimes we need to be able to fetch hidden settings,
in cases where a config area is still experimental.

Splitting out a different endpoint for this purpose
allows us to be stricter with what we return for config
areas without affecting the main site settings UI, revealing
hidden settings before they are ready.
2024-07-30 15:41:28 +10:00
Loïc Guitaut 9c57be6403 DEV: Update Ruby I18n pluralization rules
The current pluralization rules used by the I18n system in Ruby are
obsolete and don’t follow the official rules available at
unicode.org/cldr/charts/45/supplemental/language_plural_rules.html.

Using https://github.com/ruby-i18n/ruby-cldr, new and updated ones have
been generated.
2024-07-29 15:44:52 +02:00
Loïc Guitaut fbf6bf6243 FIX: Don't escape MF variables in HTML links
We have some MF strings that are outputting HTML tags (typically links)
and their attributes are using single quotes. The problem is that with
the current implementation of MessageFormat, single quotes act as an
escaping mechanism for special characters like `{`. This then prevents
from interpolating some variables in the strings.

This patch addresses that issue by using double quotes instead,
restoring the expected behavior.
2024-07-29 15:30:52 +02:00
Discourse Translator Bot f5fc49f5db
Update translations (#28115)
* Update translations

* DEV: Spec failed because of translation update

---------

Co-authored-by: Gerhard Schlager <gerhard.schlager@discourse.org>
2024-07-29 15:16:40 +02:00
Ted Johansson 3126c50baa
DEV: Update member access wizard step to use toggle group (#28013)
We want to change the design of the "member experience" step of the wizard from using checkbox switches to using radio toggle groups.
2024-07-29 14:07:06 +08:00
Krzysztof Kotlarek 2a9dcade0a
UX: group admin new features by month (#28106)
Display new features grouped by month and show additional information about the version.
2024-07-29 14:20:12 +10:00
David McClure 912950c59b
DEV: improve copy for self wiki groups (#28105) 2024-07-27 22:09:05 -04:00
Osama Sayegh 7cc0f26292
DEV: Migrate about config area to Form Kit (#28021)
Form Kit is our new form library/framework for unifying the way forms look across Discourse. The admin config area for the /about page is a new form that isn't currently used, so it makes sense for it to be one of the first forms to be migrated to Form Kit to test the library.

Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2024-07-25 19:07:38 +03:00
David McClure 45f6bc0093
DEV: Add missing comma to warning string (#28081)
@discourse-translator-bot keep_translations
2024-07-25 10:43:31 -04:00
Joffrey JAFFEUX eec1b39baf
FIX: better copy for one entry (#28082)
If only one badge has not been awarded, the rest of the string doesn’t make sense:

> Due to the large number of unmatched entries, only the first 100 are shown:

As we are going to show only 1 anyways.
2024-07-25 16:12:13 +02:00
Joffrey JAFFEUX e3f03c74c4
FIX: missing ? in plural translation (#28079) 2024-07-25 16:05:19 +02:00
Jan Cernik f7d1b9cf67
UX: Allow adding content inline to the topic map (#28053) 2024-07-25 10:46:52 -03:00
Krzysztof Kotlarek 205a2bf0d6
DEV: show admin moderation flags UI (#28071)
The page was hidden behind a feature flag in this PR https://github.com/discourse/discourse/pull/27756

It is now in a shippable state.
2024-07-25 15:24:17 +10:00
Vinoth Kannan d681decf01
FEATURE: use new site setting for onebox custom user agent. (#28045)
Previously, we couldn't change the user agent name dynamically for onebox requests. In this commit, a new hidden site setting `onebox_user_agent` is created to override the default user agent value specified in the [initializer](c333e9d6e6/config/initializers/100-onebox_options.rb (L15)).

Co-authored-by: Régis Hanol <regis@hanol.fr>
2024-07-24 04:45:30 +05:30
Discourse Translator Bot 5b5d5b4b4a
Update translations (#28041) 2024-07-23 15:23:42 +02:00
锦心 a749387c80
FEATURE: Clean up previously logged information after permanently deleting posts (#28033)
* FEATURE: Clean up previously logged information after permanently deleting posts

When soft deleteing a topic or post, we will log some details in the
staff log, including the raw content of the post. Before this commit, we
will not clear the information in these records. Therefore, after
permanently deleting the post, `UserHistory` still retains copy of the
permanently deleted post. This is an unexpected behaviour and may raise
some potential legal issues.

This commit adds a behavior that when a post is permanently deleted, the
details column of the `UserHistory` associated with the post will be
overwritten to "(permanently deleted)". At the same time, for permanent
deletion, a new `action_id` is introduced to distinguish it from soft
deletion.

Related meta topic: https://meta.discourse.org/t/introduce-a-way-to-also-permanently-delete-the-sensitive-info-from-the-staff-logs/292546
2024-07-23 15:27:11 +08:00
Martin Brennan fc09236c0c
UX: FormKit error message followup (#28009)
We don't need this extra description, whole number
should be enough
2024-07-23 11:40:20 +10:00
Martin Brennan 0b413e2aa1
FEATURE: Use new topic bulk actions menu for all sites (#28003)
This commit promotes the new topic bulk action
menu introduced in 89883b2f51
to the main method of bulk selecting and performing
actions on topics. The site setting flag gating this
feature is deleted, and the old bulk select code is
deleted as well.

The new modal shows a loading spinner while operations
are taking place, allows selecting the action from a dropdown
instead of having a 2-step modal flow,
and also supports additional options for some operations, e.g.
allowing Close silently.
2024-07-23 11:39:27 +10:00
Jan Cernik a027ec4663
UX: Merge the simplified topic map (#27964)
Replaces the existing topic map with the experimental-topic-map made by @awesomerobot.

---------

Co-authored-by: awesomerobot <kris.aubuchon@discourse.org>
2024-07-22 19:42:29 -03:00
Osama Sayegh 6039b513fe
DEV: Initial parts for a redesigned /about page (#27996)
This commit introduces the foundation for a new design for the /about page that we're currently working on.  The current version will remain available and still be the default until we finish the new version and are ready to roll out. To opt into the new version right now, add one or more group to the `experimental_redesigned_about_page_groups` site setting and members in those groups will get the new version.

Internal topic: t/128545.
2024-07-23 01:35:18 +03:00
Alan Guo Xiang Tan 5105fce899
DEV: Recover @timestamp in unicorn logs when logstash logger is enabled (#28008)
This is a regression introduced in 28f5550886
2024-07-22 15:21:41 +08:00
Martin Brennan 5ac8888980
UX: Change copy for FormKit "not an integer" error (#28006)
Most people will not know what an integer is,
refer to this as a whole number for the human-readable
error message.
2024-07-22 09:00:18 +02:00
锦心 199f980e6a
FEATURE: Add creator and logging for CustomEmoji (#28004)
* FEATURE: Add logging for CustomEmoji

We didn't provide any logs for CustomEmoji before, nor did we record the
person who added any emoji in the database. As a result, the staff had
no way to trace back who added a certain emoji.

This commit adds a new column `user_id` to `custom_emojis` to record the
creator of an emoji. At the same time, a log is added for staff logs to
record who added or deleted a custom emoji.
2024-07-22 14:44:49 +08:00
Joffrey JAFFEUX b10b485572
DEV: adds an integer validation rule to form-kit (#27985)
Usage:

```
@validation="integer"
```

This commit also adds a default for rules. By default a rule will now be `ruleName: {}`, this avoids all the boilerplate in validation-parser.js.
2024-07-19 12:39:26 +02:00
Martin Brennan f5cbc3e3b8
FEATURE: Allow oneboxing private GitHub repo URLs and add private indicator to HTML (#27947)
Followup 560e8aff75

The linked commit allowed oneboxing private GitHub PRs,
issues, commits, and so on, but it didn't actually allow
oneboxing the root repo e.g https://github.com/discourse/discourse-reactions

We didn't have an engine for this, we were relying on OpenGraph
tags on the HTML rendering of the page like we do with other
oneboxes.

To fix this, we needed a new github engine for repos specifically.

Also, this commit adds a `data-github-private-repo` attribute to
PR, issue, and repo onebox HTML so we have an indicator of
whether the repo was private, which can be used for theme components
and so on.
2024-07-19 12:21:45 +10:00
Martin Brennan 48d13cb231
UX: Use a dropdown for SSL mode for group SMTP (#27932)
Our old group SMTP SSL option was a checkbox,
but this was not ideal because there are actually
3 different ways SSL can be used when sending
SMTP:

* None
* SSL/TLS
* STARTTLS

We got around this before with specific overrides
for Gmail, but it's not flexible enough and now people
want to use other providers. It's best to be clear,
though it is a technical detail. We provide a way
to test the SMTP settings before saving them so there
should be little chance of messing this up.

This commit also converts GroupEmailSettings to a glimmer
component.
2024-07-18 10:33:14 +10:00
Martin Brennan 9a0e8fc100
DEV: Hide IMAP site settings (#27948)
We are removing support for IMAP, hiding these site
settings is the first step.

c.f. https://meta.discourse.org/t/imap-support-for-group-inboxes/160588/39
2024-07-18 10:22:09 +10:00
Krzysztof Kotlarek c975c7fe1b
FEATURE: custom flag can require additional message (#27908)
Allow admin to create custom flag which requires an additional message.

I decided to rename the old `custom_flag` into `require_message` as it is more descriptive.
2024-07-18 10:10:22 +10:00
Discourse Translator Bot 6dd09b0868
Update translations (#27936)
* Update translations

* DEV: Spec failed after recent translation changes

---------

Co-authored-by: Gerhard Schlager <gerhard.schlager@discourse.org>
2024-07-17 15:49:33 +02:00
chapoi 2ca06ba236
DEV: form-kit
This PR introduces FormKit, a component-based form library designed to simplify form creation and management. This library provides a single `Form` component, various field components, controls, validation mechanisms, and customization options. Additionally, it includes helpers to facilitate testing and writing specifications for forms.

1. **Form Component**:
   - The main component that encapsulates form logic and structure.
   - Yields various utilities like `Field`, `Submit`, `Alert`, etc.

   **Example Usage**:
   ```gjs
   import Form from "discourse/form";

   <template>
     <Form as |form|>
       <form.Field
         @name="username"
         @title="Username"
         @validation="required"
         as |field|
       >
         <field.Input />
       </form.Field>

       <form.Field @name="age" @title="Age" as |field|>
         <field.Input @type="number" />
       </form.Field>

       <form.Submit />
     </Form>
   </template>
   ```

2. **Validation**:
   - Built-in validation rules such as `required`, `number`, `length`, and `url`.
   - Custom validation callbacks for more complex validation logic.

   **Example Usage**:
   ```javascript
   validateUsername(name, value, data, { addError }) {
     if (data.bar / 2 === value) {
       addError(name, "That's not how maths work.");
     }
   }
   ```

   ```hbs
   <form.Field @name="username" @validate={{this.validateUsername}} />
   ```

3. **Customization**:
   - Plugin outlets for extending form functionality.
   - Styling capabilities through propagated attributes.
   - Custom controls with properties provided by `form` and `field`.

   **Example Usage**:
   ```hbs
   <Form class="my-form" as |form|>
     <form.Field class="my-field" as |field|>
       <MyCustomControl id={{field.id}} @onChange={{field.set}} />
     </form.Field>
   </Form>
   ```

4. **Helpers for Testing**:
   - Test assertions for form and field validation.

   **Example usage**:
   ```javascript
   assert.form().hasErrors("the form shows errors");
   assert.form().field("foo").hasValue("bar", "user has set the value");
   ```

   - Helper for interacting with he form

   **Example usage**:
   ```javascript
   await formKit().field("foo").fillIn("bar");
   ```

5. **Page Object for System Specs**:
   - Page objects for interacting with forms in system specs.
   - Methods for submitting forms, checking alerts, and interacting with fields.

   **Example Usage**:
   ```ruby
   form = PageObjects::Components::FormKit.new(".my-form")
   form.submit
   expect(form).to have_an_alert("message")
   ```

   **Field Interactions**:
   ```ruby
   field = form.field("foo")
   expect(field).to have_value("bar")
   field.fill_in("bar")
   ```


6. **Collections handling**:
   - A specific component to handle array of objects

   **Example Usage**:
   ```gjs
    <Form @data={{hash foo=(array (hash bar=1) (hash bar=2))}} as |form|>
      <form.Collection @name="foo" as |collection|>
        <collection.Field @name="bar" @title="Bar" as |field|>
          <field.Input />
        </collection.Field>
      </form.Collection>
    </Form>
   ```
2024-07-17 11:59:35 +02:00
锦心 600f2854c7
FEATURE: Log topic slow mode changes (#27934)
Previously, we did not log any topic slow mode changes. This allowed
some malicious (or just careless) TL4 users to delete slow modes created
by moderators at will. Administrators could not see who changed the slow
mode unless they had SQL knowledge and used Data Explorer.

This commit enables logging who turns slow mode on, off, or changes it.

Related meta topic: https://meta.discourse.org/t/why-is-there-no-record-of-who-added-or-removed-slow-mode/316354
2024-07-16 17:08:09 +08:00
锦心 3bc459e178
FIX: Add plural definitions for Hungarian (#27933)
Hungarian actually has a plural form (See: https://meta.discourse.org/t/issue-with-pluralized-count-translation-override/316019/8)

In a past commit we introduced an external JS library to describe the
plural form of the language. (301713ef96)
But this JS library actually has a slightly different pluralization
definition than what we use in the backend (plurals.rb). ruby-i18n
incorrectly assumes that Hungarian does not have plural forms.
This resulted in singular text being used on the front end for
Hungarian, but admins were unable to find and edit the singular text in
customization.

This commit adds a singular definition for Hungarian to the backend,
compatible with the  "make-plural/cardinals" library, thus fixing the
above issue.
2024-07-16 15:17:18 +08:00
Martin Brennan 00608a19c6
FIX: Show the SMTP authentication error for group UI (#27914)
Originally in 964da21817
we hid the SMTPAuthenticationError message except in
very specific cases. However this message often contains
helpful information from the mail provider, for example
here is a response from Office365:

> 535 5.7.139 Authentication unsuccessful, user is locked by your
organization's security defaults policy. Contact your administrator.

So, we will show the error message in the modal UI instead
of supressing it with a generic message to be more helpful.
2024-07-16 09:14:17 +10:00
Krzysztof Kotlarek 25485bddee
FIX: refresh flags cache after update (#27909)
`after_commit` should be used before refreshing processes to be sure that the database is already updated.

Also, MessageBus is used instead of events as MessageBus works correctly with many processes;
2024-07-15 19:45:25 +10:00
Ted Johansson cf5174da69
FIX: Fix broken out of date themes admin notice (#27916)
The OutOfDateThemes problem check is using an old method of setting the message, by overriding #message. It should instead use #translation_keys. (By chance I noticed the same thing applies to UnreachableThemes.
2024-07-15 16:12:44 +08:00
Martin Brennan 97e2b353f6
FEATURE: Allow for multiple GitHub onebox tokens (#27887)
Followup 560e8aff75

GitHub auth tokens cannot be made with permissions to
access multiple organisations. This is quite limiting.
This commit changes the site setting to be a "secret list"
type, which allows for a key/value mapping where the value
is treated like a password in the UI.

Now when a GitHub URL is requested for oneboxing, the
org name from the URL is used to determine which token
to use for the request.

Just in case anyone used the old site setting already,
there is a migration to create a `default` entry
with that token in the new list setting, and for
a period of time we will consider that token valid to
use for all GitHub oneboxes as well.
2024-07-15 13:07:36 +10:00
Krzysztof Kotlarek 9e4e591d60
Revert "FEATURE: custom flag can require additional message (#27706)" (#27906)
This reverts commit c0bcd979e3.
2024-07-15 09:45:57 +10:00
Krzysztof Kotlarek c0bcd979e3
FEATURE: custom flag can require additional message (#27706)
Allow admin to create custom flag which requires an additional message.

I decided to rename the old `custom_flag` into `require_message` as it is more descriptive.
2024-07-15 08:48:01 +10:00
Amanda Alves Branquinho 7f0e6e9592
FIX: Allow error handling for formats besides JSON (#27811)
* Allow error handling for formats besides JSON

* Add a test and sets the default format as JSON
2024-07-11 11:59:00 -03:00
Keegan George 3978db0811
DEV: Add missing Chinese simplified to `names.yml` (#27847) 2024-07-11 07:54:45 -07:00
moin-Jana c36fc86a2e
DEV: Correctly pluralize string (#27850) 2024-07-11 14:39:40 +02:00
Kris 5b73322c41
A11Y: improve topic entrance aria-label, title (#27842)
Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2024-07-10 14:15:14 -04:00
Kris 0e3ed7ea2a
A11Y: improve topic list table markup for screenreaders (#27808)
Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2024-07-10 13:14:36 -04:00
Loïc Guitaut ab99f31760 DEV: Fix the I18n integrity spec
Before Rails 7.1, the `config.i18n.raise_on_missing_translations` option
was raising only in controllers and views, now it’s anywhere in the app.
It means it raises each time `#description` is called for a setting that
is missing a proper description (and we have a ton of them). Most of the
time it’s fine, as those are usually settings that aren’t shown to the
user.

We can’t just let the code blow up every time there’s a setting with a
missing description, that’s why it’s currently returning an empty
string when the translation is missing.

However, this silently broke our I18n integrity spec that was relying on
the old “Translation missing” message to detect missing translations.

This patch addresses this issue by checking the description isn’t an
empty string. It caught a missing translation by the way.
2024-07-10 11:39:13 +02:00
Régis Hanol 758b9dd0ba
FEATURE: email attachments in a details (#27804)
This change how we present attachments from incoming emails to now be "hidden" in a "[details]" so they don't "hang" at the end of the post.

This is especially useful when using Discourse as a support tool where email is the main communication channel. For various reasons, images are often duplicated by email user agents, and hiding them behind the details block help keep the conversation focused on the isssue at hand.

Internal ref t/122333
2024-07-10 09:59:27 +02:00
Martin Brennan 560e8aff75
FEATURE: Allow oneboxing private GitHub URLs (#27705)
This commit adds the ability to onebox private GitHub
commits, pull requests, issues, blobs, and actions using
a new `github_onebox_access_token` site setting. The token
must be set up in correctly to have access to the repos needed.

To do this successfully with the Oneboxer, we need to skip
redirects on the github.com host, otherwise we get a 404
on the URL before it is translated into a GitHub API URL
and has the appropriate headers added.
2024-07-10 09:39:31 +10:00
Discourse Translator Bot dd67375de7
Update translations (#27790) 2024-07-09 23:12:03 +02:00
Martin Brennan 7a7bdc9be5
FEATURE: Use group based setting for unsafe-none COOP (#27783)
Followup 3ff7ce78e7

Basing this setting on referrer was too brittle --
the referrer header can easily be ommitted or changed.
Instead, for the small amount of use cases that this
site setting serves, we can use a group-based setting
instead, changing it to `cross_origin_opener_unsafe_none_groups`
instead.
2024-07-09 11:25:49 -05:00
Martin Brennan e58cf24fcc
FEATURE: Topic view stats report (#27760)
Adds a report to show the top 100 most viewed topics in a date range,
combining logged in and anonymous views. Can be filtered by category.

This is a followup to 527f02e99f
and d1191b7f5f. We are also going to
be able to see this data in a new topic map, but this admin report
helps to see an overview across the forum for a date range.
2024-07-09 15:39:10 +10:00
Alan Guo Xiang Tan 86e5f46175
DEV: Add hidden `s3_inventory_bucket_region` site setting (#27786)
This commit adds a hidden `s3_inventory_bucket_region` site setting to
specify the region of the `s3_inventory_bucket` when the `S3Inventory`
class initializes an instance of the `S3Helper`. By default, the
`S3Helper` class uses the value of the `s3_region` site setting but the
region of the `s3_inventory_bucket` is not always the same as the
`s3_region` configured.
2024-07-09 12:03:43 +08:00
Alan Guo Xiang Tan c0ac15575f
DEV: Drop `logging_provider` site setting (#27785)
This site setting has always been experimental and hidden since it was
added 7 years ago. Drop it to simplify the way we enable logging in a
logstash friendly way.
2024-07-09 10:00:44 +08:00
Alan Guo Xiang Tan 3aaece3235
DEV: Unsubscribe from ActionView log events when lograge is enabled. (#27763)
This commit updates the `101-lograge` initializer to unsubscribe from
log events logged by `ActionView::LogSubscriber`. This is what the `lograge`
gem has been doing but its implementation is not compatible with Rails
7.1 and we started getting noise in our logs when lograge is enabled.
2024-07-09 09:25:46 +08:00
Guhyoun Nam 784c04ea81
FEATURE: Add Mechanism to redeliver all failed webhook events (#27609)
Background:
In order to redrive failed webhook events, an operator has to go through and click on each. This PR is adding a mechanism to retry all failed events to help resolve issues quickly once the underlying failure has been resolved.

What is the change?:
Previously, we had to redeliver each webhook event. This merge is adding a 'Redeliver Failed' button next to the webhook event filter to redeliver all failed events. If there is no failed webhook events to redeliver, 'Redeliver Failed' gets disabled. If you click it, a window pops up to confirm the operator. Failed webhook events will be added to the queue and webhook event list will show the redelivering progress. Every minute, a job will be ran to go through 20 events to redeliver. Every hour, a job will cleanup the redelivering events which have been stored more than 8 hours.
2024-07-08 15:43:16 -05:00
Alan Guo Xiang Tan 28f5550886
DEV: Redo `DiscourseLogstashLogger` to not rely on `logstash-logger` (#27759)
This reverts commit 92d7d24d0f.
2024-07-08 14:03:11 +08:00
Martin Brennan df6f950200
DEV: Hide admin Moderation Flags UI behind feature flag for now (#27756)
Adds experimental_flags_admin_page_enabled_groups (default "")
to remove the Moderation Flags link from the admin sidebar for now,
there are still a few bugfixes that need to be done before we
are comfortable with turning this on more widely. This is
a _temporary_ flag, we will be removing this once the feature
is more stable.
2024-07-08 11:09:30 +10:00
Alan Guo Xiang Tan 5ca2c8b8ac
DEV: Remove noise from `Rails::Rack::Logger` after Rails 7.1 upgrade (#27731)
This commit monkey patches `Rails::Rack::Logger` to not log reqeust
information like `Started GET "/service-worker.js" for 127.0.0.1 at 2024-07-05 15:28:12 +0800`
when lograge is enabled. This was previously excluded by a monkey patch
in the `lograge` gem but that monkey patch has since broke and the gem
is unmaintained.
2024-07-08 08:42:58 +08:00
Sérgio Saquetim b36cbc7d21
DEV: Untangle the admin sidebar from the sidebar code (#27640) 2024-07-05 13:11:15 -03:00
Alan Guo Xiang Tan 92d7d24d0f
Revert "DEV: Redo `DiscourseLogstashLogger` to not rely on `logstash-logger` (#27663)" (#27733)
This reverts commit 8e10878e1a.

Something is broken on a friday so reverting first before I pick this up
again next Monday.
2024-07-05 17:26:58 +08:00
Alan Guo Xiang Tan 8e10878e1a
DEV: Redo `DiscourseLogstashLogger` to not rely on `logstash-logger` (#27663)
This commit rewrites `DiscourseLogstashLogger` to not be an instance
of `LogstashLogger`. The reason we don't want it to be an instance of
`LogstashLogger` is because we want the new logger to be chained to
Logster's logger which can then pass down useful information like the
request's env and error backtraces which Logster has already gathered.

Note that this commit does not bother to maintain backwards
compatibility and drops the `LOGSTASH_URI` and `UNICORN_LOGSTASH_URI`
ENV variables which were previously used to configure the destination in
which `logstash-logger` would send the logs to. Instead, we introduce
the `ENABLE_LOGSTASH_LOGGER` ENV variable to replace both ENV and remove
the need for the log paths to be specified. Note that the previous
feature was considered experimental as stated in d888d3c54c
and the new feature should be considered experimental as well. The code
may be moved into a plugin in the future.
2024-07-05 09:41:52 +08:00
Jan Cernik 0d608ceff8
UX: Registration design and validation improvements (#27666) 2024-07-04 09:17:07 -03:00
Robert e3b6be15b8
FEATURE: Add Instant Run-off Voting to Poll Plugin (Part 1: migrate existing plugin to Glimmer only) (#27204)
The "migration to Glimmer" has been broken out here from #27155 to make the review process less onerous and reduce change risk: 

* DEV: migrates most of the widget code to Glimmer in prep for IRV additions
* NB This already incorporates significant amounts of review and feedback from the prior PR.
* NB because there was significant additional feedback relating to older Poll code that I've improved with feedback, there are some additional changes here that are general improvements to the plugin and not specific to IRV nor Glimmer!
* There should be no trace of IRV code here.

Once this is finalised and merged we can continue to progress with #27155.
2024-07-04 13:34:48 +02:00
Loïc Guitaut 8d249457e8 DEV: Upgrade Rails to version 7.1
---------

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2024-07-04 10:58:21 +02:00
Arpit Jalan 947249719a
FEATURE: add option to delete user associated account on password reset (#27696) 2024-07-04 06:58:00 +05:30
Martin Brennan 527f02e99f
FEATURE: Only count topic views for explicit/deferred tracked views (#27533)
Followup 2f2da72747

This commit moves topic view tracking from happening
every time a Topic is requested, which is susceptible
to inflating numbers of views from web crawlers, to
our request tracker middleware.

In this new location, topic views are only tracked when
the following headers are sent:

* HTTP_DISCOURSE_TRACK_VIEW - This is sent on every page navigation when
  clicking around the ember app. We count these as browser page views
  because we know it comes from the AJAX call in our app. The topic ID
  is extracted from HTTP_DISCOURSE_TRACK_VIEW_TOPIC_ID
* HTTP_DISCOURSE_DEFERRED_TRACK_VIEW - Sent when MessageBus initializes
  after first loading the page to count the initial page load view. The
  topic ID is extracted from HTTP_DISCOURSE_DEFERRED_TRACK_VIEW.

This will bring topic views more in line with the change we
made to page views in the referenced commit and result in
more realistic topic view counts.
2024-07-03 10:38:49 +10:00
Krzysztof Kotlarek c3fadc7330
FEATURE: created edit and delete flags (#27484)
Allow admins to create edit and delete flags.
2024-07-03 08:45:37 +10:00
Keegan George ea58140032
DEV: Remove summarization code (#27373) 2024-07-02 08:51:47 -07:00
Discourse Translator Bot 052550c6e0
Update translations (#27680) 2024-07-02 16:42:56 +02:00
Martin Brennan ffc99253fa
DEV: Resolve TODO comments for martin-brennan
I am changing many of these to notes or resolving them as is,
most of these I have not actively worked on in years so someone
else can work on them when we get to these areas again.
2024-07-01 15:32:30 +10:00
Martin Brennan 56f34e2d2b
DEV: Unhide enable_direct_s3_uploads setting (#27659)
This has been around for a long time now and was mentioned
in https://meta.discourse.org/t/a-new-era-for-file-uploads-in-discourse/210469,
there is no need to hide it, self-hosters are free to enable
this.
2024-07-01 13:56:00 +10:00
Osama Sayegh 4c1c25027d
DEV: Wiring for the admin about config page (#27492)
This commit continues work laid out by ffec8163b0 for the admin config page for the /about page. The last commit set up the user interface, and this one sets up all the wiring needed to make the input fields and save buttons actually work.

Internal topic: t/128544.
2024-07-01 05:40:37 +03:00
Discourse Translator Bot 423f92490c Update translations 2024-06-28 16:10:06 +02:00
Gabriel Grubba 8d28038666
FEATURE: Add WebHookEventsDailyAggregate report page (#27573)
* FEATURE: Add WebHookEventsDailyAggregate

Add WebHookEventsDailyAggregate model to store daily aggregates of web hook events.
Add AggregateWebHooksEvents job to aggregate web hook events daily.
Add spec for WebHookEventsDailyAggregate model.

* DEV: Update annotations for web_hook_events_daily_aggregate.rb

* DEV: Update app/jobs/scheduled/aggregate_web_hooks_events.rb

Co-authored-by: Martin Brennan <martin@discourse.org>

* DEV: Address review feedback

Solves:
- https://github.com/discourse/discourse/pull/27542#discussion_r1646961101
- https://github.com/discourse/discourse/pull/27542#discussion_r1646958890
- https://github.com/discourse/discourse/pull/27542#discussion_r1646976808
- https://github.com/discourse/discourse/pull/27542#discussion_r1646979846
- https://github.com/discourse/discourse/pull/27542#discussion_r1646981036

* A11Y: Add translation to retain_web_hook_events_aggregate_days key

* FEATURE: Purge old web hook events daily aggregate

Solves: https://github.com/discourse/discourse/pull/27542#discussion_r1646961101

* DEV:  Update tests for web_hook_events_daily_aggregate

Update WebHookEventsDailyAggregate to not use save! at the end
Solves: https://github.com/discourse/discourse/pull/27542#discussion_r1646984601

* PERF: Change job query to use WebHook table instead of WebHookEvent table

* DEV: Update tests to use `fab!`

* DEV: Address code review feedback.

Add idempotency to job
Add has_many to WebHook

* FEATURE: Add WebHookEventsDailyAggregate report page

Add locales for the new report page
Reorder imports in the report.rb

* DEV: Remove logger line

* FEATURE: Add `auto_insert_none_item` option to `report-filters` components

---------

Co-authored-by: Martin Brennan <martin@discourse.org>
2024-06-27 10:26:42 -03:00
Loïc Guitaut f58b844f45
Revert "DEV: Upgrade Rails to version 7.1" (#27625)
This reverts commit ce00f83173.
2024-06-26 18:55:05 +02:00
Kris e505a5a1d5
UX: improve categories page subcategory layout (#27612) 2024-06-25 17:37:35 -04:00
Gabriel Grubba f3a89620a1
FEATURE: Add WebHookEventsDailyAggregate (#27542)
* FEATURE: Add WebHookEventsDailyAggregate

Add WebHookEventsDailyAggregate model to store daily aggregates of web hook events.
Add AggregateWebHooksEvents job to aggregate web hook events daily.
Add spec for WebHookEventsDailyAggregate model.

* DEV: Update annotations for web_hook_events_daily_aggregate.rb

* DEV: Update app/jobs/scheduled/aggregate_web_hooks_events.rb

Co-authored-by: Martin Brennan <martin@discourse.org>

* DEV: Address review feedback

Solves:
- https://github.com/discourse/discourse/pull/27542#discussion_r1646961101
- https://github.com/discourse/discourse/pull/27542#discussion_r1646958890
- https://github.com/discourse/discourse/pull/27542#discussion_r1646976808
- https://github.com/discourse/discourse/pull/27542#discussion_r1646979846
- https://github.com/discourse/discourse/pull/27542#discussion_r1646981036

* A11Y: Add translation to retain_web_hook_events_aggregate_days key

* FEATURE: Purge old web hook events daily aggregate

Solves: https://github.com/discourse/discourse/pull/27542#discussion_r1646961101

* DEV:  Update tests for web_hook_events_daily_aggregate

Update WebHookEventsDailyAggregate to not use save! at the end
Solves: https://github.com/discourse/discourse/pull/27542#discussion_r1646984601

* PERF: Change job query to use WebHook table instead of WebHookEvent table

* DEV: Update tests to use `fab!`

* DEV: Address code review feedback.

Add idempotency to job
Add has_many to WebHook

* DEV: add test case for job and change job query

* DEV: Change AggregateWebHooksEvents job test name

---------

Co-authored-by: Martin Brennan <martin@discourse.org>
2024-06-25 13:56:47 -03:00
Discourse Translator Bot 7d4ff77a14
Update translations (#27604) 2024-06-25 15:40:08 +02:00
Ted Johansson d63f1826fe
FEATURE: User fields required for existing users - Part 2 (#27172)
We want to allow admins to make new required fields apply to existing users. In order for this to work we need to have a way to make those users fill up the fields on their next page load. This is very similar to how adding a 2FA requirement post-fact works. Users will be redirected to a page where they can fill up the remaining required fields, and until they do that they won't be able to do anything else.
2024-06-25 19:32:18 +08:00
Ella E aa8773e659
UX: Use 'moderators' instead of 'staff' (#27572) 2024-06-24 19:21:08 -06:00
Kris e5c0cfcd27
UX: remove default use of quaternary color, update nav pill styles (#27502) 2024-06-24 09:54:34 -04:00
Renato Atilio 55da8a7701
FEATURE: add Untranslated filter to admin text customization (#27555)
Adds a checkbox to filter untranslated text strings in the admin UI, behind a hidden and default `false` site setting `admin_allow_filter_untranslated_text`.
2024-06-24 06:24:06 -03:00
Loïc Guitaut ce00f83173 DEV: Upgrade Rails to version 7.1
---------

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2024-06-24 11:16:14 +02:00
Loïc Guitaut 160011793a Revert "DEV: Upgrade Rails to version 7.1 (#27539)"
This reverts commit ca4af53be8.
2024-06-21 11:20:40 +02:00
Kelv 60d5170587
DEV: add validation on content_security_policy_script_src site setting (#27564)
* DEV: add validation on content_security_policy_script_src site setting
2024-06-21 17:00:22 +08:00
Loïc Guitaut ca4af53be8 DEV: Upgrade Rails to version 7.1 (#27539)
* DEV: Upgrade Rails to 7.1

* FIX: Remove references to `Rails.logger.chained`

`Rails.logger.chained` was provided by Logster before Rails 7.1
introduced their broadcast logger. Now all the loggers are added to
`Rails.logger.broadcasts`.

Some code in our initializers was still using `chained` instead of
`broadcasts`.

* DEV: Make parameters optional to all FakeLogger methods

* FIX: Set `override_level` on Logster loggers (#27519)

A followup to f595d599dd

* FIX: Don’t duplicate Rack response

---------

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2024-06-21 09:44:06 +02:00
Penar Musaraj 33de5abb6e
DEV: Extract theme resolution to a helper (#27426)
This ensures that the theme id is resolved as early as possible in the
request cycle. This is necessary for the custom homepage to skip
preloading the wrong data.
2024-06-20 11:33:46 -04:00
Loïc Guitaut 982c005979 Revert "DEV: Upgrade Rails to version 7.1 (#27539)"
This reverts commit 2301dddcff.
2024-06-20 11:43:35 +02:00
Loïc Guitaut 2301dddcff
DEV: Upgrade Rails to version 7.1 (#27539)
* DEV: Upgrade Rails to 7.1

* FIX: Remove references to `Rails.logger.chained`

`Rails.logger.chained` was provided by Logster before Rails 7.1
introduced their broadcast logger. Now all the loggers are added to
`Rails.logger.broadcasts`.

Some code in our initializers was still using `chained` instead of
`broadcasts`.

* DEV: Make parameters optional to all FakeLogger methods

* FIX: Set `override_level` on Logster loggers (#27519)

A followup to f595d599dd

* FIX: Don’t duplicate Rack response

---------

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2024-06-20 10:33:01 +02:00
Rafael dos Santos Silva b2a9676f0b
FEATURE: Support Spotify Onebox (#27540) 2024-06-19 13:27:27 -03:00
Martin Brennan 83361b2fc5
FEATURE: Introduce site settings which require confirmation (#27315)
Many site settings can be distructive or have huge side-effects
for a site that the admin may not be aware of when changing it.

This commit introduces a `requires_confirmation` attribute that
can be added to any site setting. When it is true, a confirmation
dialog will open if that setting is changed in the admin UI,
optionally with a custom message that is defined in client.en.yml.

If the admin does not confirm, we reset the setting to its previous
clean value and do not save the new value.
2024-06-19 16:01:24 +10:00
Ted Johansson 3ff7ce78e7
FEATURE: Add hidden site setting to list 'unsafe-none' COOP referrers (#27510)
Some tooling may rely on an unsafe-none cross origin opener policy to work. This change adds a hidden site setting that can be used to list referrers where we add this header instead of the default one configured in cross_origin_opener_policy_header.
2024-06-19 11:11:35 +08:00
Krzysztof Kotlarek cc4c199680
FEATURE: optional 2FA enforcement (#27506)
A new admin setting called `enforce_second_factor_on_external_auth`. It allows users to authenticate using external providers even when 2FA is forced with `enforce_second_factor` site setting.
2024-06-19 09:32:30 +10:00
Jarek Radosz 5cb84f8dcf
DEV: Revert rails 7.1 upgrade (#27522)
* Revert "FIX: Set `override_level` on Logster loggers (#27519)"

This reverts commit c1b0488c54.

* Revert "DEV: Make parameters optional to all FakeLogger methods"

This reverts commit 3318dad7b4.

* Revert "FIX: Remove references to `Rails.logger.chained`"

This reverts commit f595d599dd.

* Revert "DEV: Upgrade Rails to 7.1"

This reverts commit 081b00391e.
2024-06-18 23:48:30 +02:00
Jarek Radosz c1b0488c54
FIX: Set `override_level` on Logster loggers (#27519)
A followup to f595d599dd
2024-06-18 21:53:51 +02:00
Tobias Eigen 6ac7d02a8f
Update server.en.yml (#27490)
made explicit in description that ` default_sidebar_switch_panel_position` admin setting is about the position of the button on the sidebar for switching to chat.
2024-06-18 14:58:03 -04:00
Loïc Guitaut f595d599dd FIX: Remove references to `Rails.logger.chained`
`Rails.logger.chained` was provided by Logster before Rails 7.1
introduced their broadcast logger. Now all the loggers are added to
`Rails.logger.broadcasts`.

Some code in our initializers was still using `chained` instead of
`broadcasts`.
2024-06-18 17:46:40 +02:00
Loïc Guitaut 081b00391e DEV: Upgrade Rails to 7.1 2024-06-18 15:58:05 +02:00
Discourse Translator Bot 69c99a82dd
Update translations (#27511) 2024-06-18 15:39:31 +02:00
Kelv 2393234be5
DEV: remove legacy CSP implementation to make strict-dynamic only accepted behaviour (#27486)
* DEV: remove legacy CSP implementation that allowed for non-strict-dynamic behaviour
2024-06-18 16:40:53 +08:00
Daniel Waterworth 63e8c79e2f
FIX: Make edit categories sidebar modal work more intuitively (#27111)
* Load search results in displayed order so that when more categories are loaded on scroll, they appear at the end,
 * Limit the number of subcategories that are shown per category and display 'show more' links,
2024-06-14 11:37:32 -05:00
Osama Sayegh 4aea12fdcb
DEV: Allow fetching specific site settings and introduce a service for updating site settings (#27481)
This commit adds ability to fetch a subset of site settings from the `/admin/site_settings` endpoint so that it can be used in all places where the client app needs access to a subset of the site settings.

Additionally, this commit also introduces a new service class called `UpdateSiteSetting` that encapsulates all the logic that surrounds updating a site setting so that it can be used to update site setting(s) anywhere in the backend. This service comes in handy with, for example, the controller for the flags admin config area which may need to update some site settings related to flags.

Internal topic: t/130713.
2024-06-14 13:07:27 +03:00
Kris e92323c81e
UX: replace "all subcategories" with "remove filter", reorder tag dropdown (#27473) 2024-06-13 17:10:25 -04:00
Jan Cernik d7ece61252
UX: Rename FAQ to Guidelines (#27451) 2024-06-13 12:09:53 -03:00
Kelv 3ae2e039c3
DEV: remove composer.modal_cancel translation key (#27445) 2024-06-13 16:44:36 +08:00
Alan Guo Xiang Tan ae1d8c50da
DEV: Add ability to log a warning when Sidekiq job runs for too long (#27446)
This commits introduces the `sidekiq_report_long_running_jobs_minutes`
global setting which allows a site administrator to log a warning in the
Rails log when a Sidekiq job has been running for too long.

The warning is logged with the backtrace of the thread that is
processing the Sidekiq job to make it easier to figure out what a
sidekiq job is stuck on.
2024-06-13 14:24:44 +08:00
Discourse Translator Bot 312cf18428
Update translations (#27425) 2024-06-11 19:49:30 +02:00
Kris f95d80af26
UX: update "all tags" to "remove filter" for tag breadcrumb dropdown (#27424) 2024-06-11 13:21:09 -04:00
Discourse Translator Bot 74e7bed7d5
Update translations (#27417) 2024-06-11 17:20:39 +02:00
Alan Guo Xiang Tan 8cf4ed5f88
DEV: Introduce hidden `s3_inventory_bucket` site setting (#27304)
This commit introduces a hidden `s3_inventory_bucket` site setting which
replaces the `enable_s3_inventory` and `s3_configure_inventory_policy`
site setting.

The reason `enable_s3_inventory` and `s3_configure_inventory_policy`
site settings are removed is because this feature has technically been
broken since it was introduced. When the `enable_s3_inventory` feature
is turned on, the app will because configure a daily inventory policy for the
`s3_upload_bucket` bucket and store the inventories under a prefix in
the bucket. The problem here is that once the inventories are created,
there is nothing cleaning up all these inventories so whoever that has
enabled this feature would have been paying the cost of storing a whole
bunch of inventory files which are never used. Given that we have not
received any complains about inventory files inflating S3 storage costs,
we think that it is very likely that this feature is no longer being
used and we are looking to drop support for this feature in the not too
distance future.

For now, we will still support a hidden `s3_inventory_bucket` site
setting which site administrators can configure via the
`DISCOURSE_S3_INVENTORY_BUCKET` env.
2024-06-10 13:16:00 +08:00
Guhyoun Nam c13f64d35b
FEATURE: Add Filter for Webhook Events by Status (#27332)
* FEATURE: Add Filter for Webhook Events by Status

* Fixing multiple issues

* Lint

* Fixing multiple issues

* Change the range of the status for webhook events
2024-06-07 10:26:00 -05:00
Osama Sayegh ffec8163b0
DEV: Initial UI for admin config area for /about (#27340)
This commit introduces the initial UI for the admin config area for the /about page. The UI isn't wired and doesn't do anything yet, but we're going to iterate on it in future commits.

Internal topic: t/128544.
2024-06-06 16:07:08 +03:00
Martin Brennan 748240ce3b
FIX: Pluralisation for short password count (#27342)
Followup 0434112aa7,
when I introduced the pluralisation for the
password.too_short message I didn't change the
key name to `count`, which is necessary.
2024-06-05 16:20:48 +10:00
Martin Brennan 0434112aa7
UX: Streamline reset password page (#27341)
This commit includes various UX improvements to the reset
password page:

* Introduce a `hide-application-header-buttons` helper to do the following:
  * Hide Sign Up and Log In buttons, they are not necessary on this flow
  * Hide the sidebar, it is a distraction on this flow
* Improve messaging when a 2FA confirmation is required first
* Improve display of server-side ActiveRecord model validation errors
  in password form, e.g. instead of "is the same as your current password"
  we do "The password is the same as your current password"
* Move password tip to next line below input and move caps lock hint
  inline with Show/Hide password toggle
* Add system specs for 2FA flow on reset password page
* Fixes a computed property conflict issue on the password reset
   page when toggling 2FA methods
2024-06-05 15:22:59 +10:00
Krzysztof Kotlarek aa88b07640
FEATURE: the ability to change the order of flags (#27269)
Continued work on moderate flags UI.
In this PR admins are allowed to change the order of flags. The notify user flag is always on top but all other flags can be moved.
2024-06-05 13:27:06 +10:00
Discourse Translator Bot a5c06f0b2c
Update translations (#27321) 2024-06-04 21:44:04 +02:00
David Taylor aa37be3323
UX: Use regular reset-password flow for expired passwords (#27316)
This makes it more obvious what's happening, and makes it much less likely that users will send repeated reset emails (and thereby hit the rate limit)

Followup to e97ef7e9af
2024-06-04 12:47:33 +01:00
Alan Guo Xiang Tan e97ef7e9af
FEATURE: Allow site admin to mark a user's password as expired (#27314)
This commit adds the ability for site administrators to mark users'
passwords as expired. Note that this commit does not add any client side
interface to mark a user's password as expired.

The following changes are introduced in this commit:

1. Adds a `user_passwords` table and `UserPassword` model. While the
   `user_passwords` table is currently used to only store expired
   passwords, it will be used in the future to store a user's current
   password as well.

2. Adds a `UserPasswordExpirer.expire_user_password` method which can
   be used from the Rails console to mark a user's password as expired.

3. Updates `SessionsController#create` to check that the user's current
   password has not been marked as expired after confirming the
   password. If the password is determined to be expired based on the
   existence of a `UserPassword` record with the `password_expired_at`
   column set, we will not log the user in and will display a password
   expired notice. A forgot password email is automatically send out to
   the user as well.
2024-06-04 15:42:53 +08:00
Osama Sayegh fed9055818
DEV: Remove admin-revamp and introduce foundations for admin config (#27293)
This commit removes the `/admin-revamp` routes which were introduced as a part of an experiment to revamp the admin pages. We still want to improve the admin/staff experience, but we're going to do them within the existing `/admin` routes instead of introducing a completely new route.

Our initial efforts to improve the Discourse admin experience is this commit which introduces the foundation for a new subroute `/admin/config` which will house various new pages for configuring Discourse. The first new page (or "config area") will be `/admin/config/about` that will house all the settings and controls for configuring the `/about` page of Discourse.

Internal topic: t/128544
2024-06-03 10:18:14 +03:00
Alan Guo Xiang Tan 23c38cbf11
DEV: Log Unicorn worker timeout backtraces to `Rails.logger` (#27257)
This commit introduces the following changes:

1. Introduce the `SignalTrapLogger` singleton which starts a single
   thread that polls a queue to log messages with the specified logger.
   This thread is necessary becasue most loggers cannot be used inside
   the `Signal.trap` context as they rely on mutexes which are not
   allowed within the context.

2. Moves the monkey patch in `freedom_patches/unicorn_http_server_patch.rb` to
   `config/unicorn.config.rb` which is already monkey patching
   `Unicorn::HttpServer`.

3. `Unicorn::HttpServer` will now automatically send a `USR2` signal to
   a unicorn worker 2 seconds before the worker is timed out by the
   Unicorn master.

4. When a Unicorn worker receives a `USR2` signal, it will now log only
   the main thread's backtraces to `Rails.logger`. Previously, it was
   `put`ing the backtraces to `STDOUT` which most people wouldn't read.
   Logging it via `Rails.logger` will make the backtraces easily
   accessible via `/logs`.
2024-06-03 12:51:12 +08:00
Martin Brennan 4b2bd4d682
FEATURE: Allow "move to inbox" and "move to archive" for private messages using new bulk topic dropdown (#27236)
This commit re-introduces the "Move to Inbox" and "Move to Archive"
bulk topic actions, which we had in the old modal but had not yet added
to the new "experimental" dropdown, which isn't really experimental at
this point.

Once this is merged we can remove the old modal and only
rely on the new dropdown.
2024-06-03 14:37:28 +10:00
Tobias Eigen 82529a1c06
Update server.en.yml (#27286)
* Update server.en.yml

Added "sidebar" and "header pulldown" keywords to the navigation_menu site setting

* Update server.en.yml

fixed typo pulldown -> dropdown
2024-05-31 08:26:34 -07:00
Tobias Eigen 69c7ed7b59
Update server.en.yml (#27285)
changed `navigation menu` description to make explicit you are choosing between sidebar and header dropdown, and sidebar is recommended.
2024-05-31 08:06:05 -07:00
Discourse Translator Bot 81fe4ed248
Update translations (#27274) 2024-05-31 12:27:26 +02:00
Martin Brennan 222a5f4677
UX: Show shortcut for admin sidbar filter (#27258)
This adds a small indicator of the Ctrl+/ shortcut that
exists for the admin sidebar filter, since it's not very
obvious that you can do that. This should help people
who are struggling with the long list of links -- it's
much faster to use the keyboard and search for what
you are looking for.
2024-05-30 15:06:02 +10:00
Tobias Eigen 2d1ab4c9e3
Removed EXPERIMENTAL from new admin sidebar setting desc (#27246)
The new admin sidebar navigation is the new default, so no longer considered experimental. Though still actively being improved at the moment!
2024-05-30 10:19:05 +10:00
Krzysztof Kotlarek 963b9fd157
FEATURE: admin can disable flags (#27171)
UI for admins to disable system flags.
2024-05-29 14:39:58 +10:00
Alan Guo Xiang Tan e9c8e182d3
DEV: Use Unicorn logger to log Sidekiq signal handling events (#27239)
This commit updates all Sidekiq signal handling event logs to go through
Unicorn's logger instead of logging to STDOUT. Going through a proper logger
means the log messages are logged in the format which the logger has configured.
This means we get proper timestamp for the log messages.
2024-05-29 11:15:20 +08:00
Alan Guo Xiang Tan 47523fa57c
DEV: Use existing loggers for stuff we log in `config/unicorn.conf.rb` (#27237)
This commit updates various spots in `config/unicorn.conf.rb` which were
doing `STDERR.puts` to either use `server.logger` which is unicorn's
logger or `Rails.logger` which is Rails' logger. The reason we want to
do so is because `STDERR.puts` doesn't format the logs properly and is a
problem especially when custom loggers with structured formatting is
enabled.
2024-05-29 09:34:09 +08:00
David Taylor 9b11e9a8d1
UX: Hide 'same site cookies' site setting (#27230)
Changing this to anything other than 'Lax' will lead to pain. 'None' is much less secure, and 'Strict' will break lots of functionality.
2024-05-28 16:13:45 +01:00
Loïc Guitaut 2a28cda15c DEV: Update to lastest rubocop-discourse 2024-05-27 18:06:14 +02:00
Discourse Translator Bot 9d8044a2ee
FEATURE: Add Uyghur language (#27183)
Co-authored-by: Gerhard Schlager <gerhard.schlager@discourse.org>
2024-05-27 09:58:18 +02:00
Sam d1191b7f5f
FEATURE: topic_view_stats table with daily fidelity (#27197)
This gives us daily fidelity of topic view stats

New table stores a row per topic viewed per day tracking
anonymous and logged on views

We also have a new endpoint `/t/ID/views-stats.json` to get the statistics for the topic.
2024-05-27 15:25:32 +10:00
Alan Guo Xiang Tan 6cafe59c76
DEV: Add `DISCOURSE_DUMP_BACKTRACES_ON_UNICORN_WORKER_TIMEOUT` env (#27199)
This commit adds a `DISCOURSE_DUMP_BACKTRACES_ON_UNICORN_WORKER_TIMEOUT`
environment that will allow us to dump all backtraces for all threads of
a Unicorn worker 2 seconds before it times out. In development,
backtraces are dumped to `STDOUT` and in production we will dump it to
`unicorn.stdout.log`.

We want to dump all the backtraces to make it easier to identify the
cause of a Unicorn worker timing out.
2024-05-27 12:20:38 +08:00
Ted Johansson 69205cb1e5
DEV: Catch missing translations during test runs (#26258)
This configuration makes it so that a missing translation will raise an error during test execution. Better discover there than after deploy.
2024-05-24 22:15:53 +08:00
Arpit Jalan 9db83c37e4
FIX: When creating new message via URL do not redirect (#27153)
* FIX: When creating new message via URL do not redirect

If a user clicks on `/new-message` route from inside the instance we're
redirecting the user to `/latest` page which is only intended if the
user is coming from an external site. This commit checks for this
condition and only redirects when user is coming from external source.

This also makes the behavior consistent with `new-topic` route.

Internal topic reference: `/t/-/129523/`
2024-05-24 17:25:37 +05:30
Jeff Wong 755f8de6d4
FEATURE: add agree and edit (#27088)
* FEATURE: add agree and edit

adds agree and edit - an alias for agree and keep -- but with a client action to
edit the post in the composer before the flag is agreed with

---------

Co-authored-by: Juan David Martinez <juan@discourse.org>
2024-05-23 11:21:42 -07:00
Ted Johansson 7b437c9401
FEATURE: Implement new required options in admin user fields UI (#27079)
We're planning to implement a feature that allows adding required fields for existing users. This PR does some preparatory refactoring to make that possible. There should be no changes to existing behaviour. Just a small update to the admin UI.
2024-05-23 19:18:25 +08:00
Krzysztof Kotlarek cfbbfd177c
DEV: move post flags into database (#27125)
This is preparation for a feature that will allow admins to define their custom flags. Current behaviour should stay untouched.
2024-05-23 12:19:07 +10:00
Martin Brennan 312a930ac8
UX: Disable plugin list settings button for some plugins (#27124)
For plugins with only an "enabled" site setting, it doesn't
make sense to take them to the site settings page, since the
toggle switch in the list can be used to change enabled/disabled.

This will not be the case for plugins that have their own custom
config page (like Automation), but we will deal with this when
we actually overhaul this plugin to use the new show page.

Also adds another rspec fixture of a test plugin.
2024-05-23 12:04:26 +10:00
Ted Johansson 3137e60653
DEV: Database backed admin notices (#26192)
This PR introduces a basic AdminNotice model to store these notices. Admin notices are categorized by their source/type (currently only notices from problem check.) They also have a priority.
2024-05-23 09:29:08 +08:00
Amanda Alves Branquinho b0d95c8c78
FEATURE: Add bulk action to bookmark (#26856)
This PR aims to add bulk actions to the user's bookmarks.

After this feature, all users should be able to select multiple bookmarks and perform the actions of "deleting" or "clear reminders"
2024-05-22 12:50:21 -03:00
benj e42ba6e90a
UX: Group membership PMs thread (#26974)
Instead of creating two separate Topics when a user (1) requests to join a group and (2) gets accepted in, this makes the acceptance message into a Post under the origin group request Topic.
2024-05-22 11:47:28 -04:00
Penar Musaraj a77e3eeaf2
DEV: Update Discover URL (#27116) 2024-05-22 09:53:09 -04:00
Régis Hanol 958437e7dd
FIX: send activity summaries based on "last seen" (#27035)
instead of "last emailed" so that people getting email notifications (from a watched topic for example) also get the activity summaries.

Context - https://meta.discourse.org/t/activity-summary-not-sent-if-other-emails-are-sent/293040

Internal Ref - t/125582

Improvement over 95885645d9
2024-05-22 10:23:03 +02:00
Discourse Translator Bot db3db06caf
Update translations (#27104) 2024-05-21 17:40:50 +02:00
Jarek Radosz 87769a83c4
DEV: Implement glimmer topic-list (#26743)
(experimental)

The initial implementation of glimmer topic-list and related components. Does not include new APIs and isn't compatible with existing customization. That's gonna come in future PRs.

Enabled by adding groups to `experimental_glimmer_topic_list_groups` setting.
2024-05-21 14:36:15 +02:00
Krzysztof Kotlarek 40d65dddf8
Revert "DEV: move post flags into database (#26951)" (#27102)
This reverts commit 7aff9806eb.
2024-05-21 16:21:07 +10:00
Krzysztof Kotlarek 7aff9806eb
DEV: move post flags into database (#26951)
This is preparation for a feature that will allow admins to define their custom flags. Current behaviour should stay untouched.
2024-05-21 13:15:32 +10:00
Isaac Janzen ede0fa5802
DEV: Update bulk-invite logs and PM template (#27057)
# Preview

<img width="754" alt="Screenshot 2024-05-17 at 8 50 03 AM" src="https://github.com/discourse/discourse/assets/50783505/6710234f-0195-42be-b70e-9d57ba48bb4a">


# New Logs

```
[2024-05-17 08:49:54 -0600] Invalid User Field 'backend name' for 'foobarbing@gmail.com'
[2024-05-17 08:49:54 -0600] Invalid Email 'test
[2024-05-17 08:49:54 -0600] Invalid Email 'this@$@**.com
```
2024-05-17 12:21:21 -06:00
Jean 63b7a36fac
FEATURE: Extend embeddable hosts with Individual tags and author assignments (#26868)
* FEATURE: Extend embeddable hosts with tags and author assignments
2024-05-16 15:47:01 -04:00
Bianca Nenciu 77b032c2b5
FEATURE: Filter with CategoryDrop on category page (#26689)
Using the CategoryDrop on the categories page redirected the user to the
"latest topics" page with topics only from that category. With these
changes, selecting a category will take the user to a "subcategories
page" where only the subcategories of the selected property will be
displayed.
2024-05-16 10:45:13 +03:00
Ted Johansson e1953f7042
DEV: Update LinkedIn OIDC client secret validation format (#27028)
The LinkedIn OIDC client secret format has changed. This updates the regular expression used for validation to reflect this.
2024-05-15 13:32:59 +09:00
Discourse Translator Bot 104ca5c325
Update translations (#27017) 2024-05-14 16:19:44 +02:00
Osama Sayegh 722d694305
UX: Use a different JIT message when there are no search results in the users directory (#27009)
This commit adds a different message to the users directory (`/u`) that's shown when there are no results for the search term instead of showing the one for when there are no users on the site yet.

Internal topic: t/126076.
2024-05-14 16:07:45 +03:00
Régis Hanol 1eec8c3fa6 FEATURE: add HTML replacements
This adds support for Watched Words to allow replacement with HTML content rather than always replacing with text.

Can be useful when automatically replacing with the '<abbr>' tag for example.

Discussion - https://meta.discourse.org/t/replace-text-with-more-than-just-links/305672
2024-05-14 10:41:27 +02:00
SaraDev 3780a5e827
Update server.en.yml (#26955)
Updated description of User Visits and User Visits (mobile) reports to indicate reports are tracking signed-in user visits.
2024-05-13 11:19:36 -07:00
David Taylor 742a3b138d
Add GoogleOther crawler user agent (#27000)
Per https://developers.google.com/search/docs/crawling-indexing/overview-google-crawlers

> GoogleOther is the generic crawler that may be used by various product teams for fetching publicly accessible content from sites. For example, it may be used for one-off crawls for internal research and development.

This commit will ensure it's served the crawler view, and included in crawler metrics
2024-05-13 13:13:04 +01:00
Bianca Nenciu ebc1763aa5
FIX: Change request method for categories/search (#26976)
This commit changes request method for "categories/search" from GET to
POST to make sure that long filters can be passed to the server. For
example, category selectors with many categories are setting the full
list of selected category IDs to ensure these are filtered out from the
list of choices. This can result in a long URL that exceeds the maximum
length.
2024-05-13 14:37:17 +03:00
Vinoth Kannan 4e22b505c5
FIX: add missing translations for staff action logs. (#26969)
The watched word group's create, update and delete action logs were missing the translations. This PR will add those strings and will use the group key instead of watched word key where needed.
2024-05-10 23:11:56 +08:00
Neil Lalonde efc21dd98b
UX: enable_powered_by_discourse site setting default is true (#26774) 2024-05-09 13:01:08 +05:30
Alan Guo Xiang Tan 7079698cdf
FIX: Use MaxMind supplied permalinks to download MaxMind databases (#26847)
This commit switches `DiscourseIpInfo.mmdb_download` to use the
permalinks supplied by MaxMind to download the MaxMind databases as
specified in
https://dev.maxmind.com/geoip/updating-databases#directly-downloading-databases
which states:

```
To directly download databases, follow these steps:

1. In the "Download Links" column, click "Get Permalink(s)" for the desired database.
2. Copy the permalink(s) provided in the modal window.
3. Provide your account ID and your license key using Basic Authentication to authenticate.
```

Previously we are downloading from `https://download.maxmind.com/app/geoip_download` but this is not
documented anyway on MaxMind's docs so this URL can in theory break
in the future without warning. Therefore, we are taking a proactive
approach to download the databases from MaxMind the recommended way
instead of relying on a hidden URL. This old way of downloading the
databases with only a license key will be deprecated in 3.3 and be
removed in 3.4.
2024-05-09 15:11:56 +08:00
David McClure 13334a3da0
UX: link to /latest in welcome topic template (#26944)
On new sites, /top has no topics, which is a poor experience for new users.
2024-05-08 17:01:42 -04:00
Jan Cernik 7bc7ad45bb
UX: Merge the redesign experiment for embedded replies (#26876)
This PR merges the [design experiment](https://meta.discourse.org/t/embedded-replies-feedback/290538) based on the [Custom embedded replies component](https://meta.discourse.org/t/custom-embedded-replies/272670) created by [Don](https://meta.discourse.org/u/don/summary)

---------

Co-authored-by: Jordan Vidrine <jordan@jordanvidrine.com>
2024-05-08 18:00:17 +02:00
Martin Brennan ce2388e40b
FEATURE: Remove "Enable Sidebar" step from setup wizard (#26926)
This keeps coming up in user testing as something
we want to get rid of. The `navigation_menu` setting
has been set to sidebar by default for some time now,
and we are rolling out admin sidebar widely. It just
doesn't make sense to let people turn this off in
the first step of the wizard -- we _want_ people to
use the sidebar.
2024-05-08 10:00:40 +10:00
Discourse Translator Bot 42297b2ec3
Update translations (#26903) 2024-05-07 09:31:46 -04:00
Krzysztof Kotlarek e607dd3767
FIX: missing route for edit components (#26874)
In this PR separate route for components was introduced https://github.com/discourse/discourse/pull/26644

However, the route to edit components was missed and it was 404 when reloaded.

Meta: https://meta.discourse.org/t/missing-admin-theme-component-edit-route/306560
2024-05-06 14:27:30 +10:00
Discourse Translator Bot d1f008a2fc
Update translations (#26821) 2024-04-30 21:57:28 +02:00
Vinoth Kannan 143f06f2c6
FEATURE: Allow watched words to be created as a group (#26632)
At the moment, there is no way to create a group of related watched words together.  If a user needed a set of words to be created together, they'll have to create them individually one at a time.

This change attempts to allow related watched words to be created as a group. The idea here is to have a list of words be tied together via a common `WatchedWordGroup` record.  Given a list of words, a `WatchedWordGroup` record is created and assigned to each `WatchedWord` record. The existing WatchedWord creation behaviour remains largely unchanged.

Co-authored-by: Selase Krakani <skrakani@gmail.com>
Co-authored-by: Martin Brennan <martin@discourse.org>
2024-04-29 15:50:55 +05:30
Krzysztof Kotlarek da329d54af
FEATURE: new admin sidebar for moderators (#26795)
Enable a new sidebar for moderators with limited links.
2024-04-29 11:32:47 +10:00
Charley Sheets 6c9f04a56c
DEV: Fix confusing comment (#26781) 2024-04-29 09:16:20 +08:00
Martin Brennan edec941a87
FIX: Better tracking of topic visibility changes (#26709)
This commit introduces a few changes as a result of
customer issues with finding why a topic was relisted.
In one case, if a user edited the OP of a topic that was
unlisted and hidden because of too many flags, the topic
would get relisted by directly changing topic.visible,
instead of going via TopicStatusUpdater.

To improve tracking we:

* Introduce a visibility_reason_id to topic which functions
  in a similar way to hidden_reason_id on post, this column is
  set from the various places we change topic visibility
* Fix Post#unhide! which was directly modifying topic.visible,
  instead we use TopicStatusUpdater which sets visibility_reason_id
  and also makes a small action post
* Show the reason topic visibility changed when hovering the
  unlisted icon in topic status on topic titles
2024-04-29 10:34:46 +10:00
Joffrey JAFFEUX 9d3ab91517
UX:minor tweaks to user notifications dropdown (#26754)
- changes mute icon to bell-slash
- changed mute text
- changed ignore text
2024-04-25 15:22:41 +02:00
David Taylor 2f2da72747
FEATURE: Add experimental tracking of 'real browser' pageviews (#26647)
Our 'page_view_crawler' / 'page_view_anon' metrics are based purely on the User Agent sent by clients. This means that 'badly behaved' bots which are imitating real user agents are counted towards 'anon' page views.

This commit introduces a new method of tracking visitors. When an initial HTML request is made, we assume it is a 'non-browser' request (i.e. a bot). Then, once the JS application has booted, we notify the server to count it as a 'browser' request. This reliance on a JavaScript-capable browser matches up more closely to dedicated analytics systems like Google Analytics.

Existing data collection and graphs are unchanged. Data collected via the new technique is available in a new 'experimental' report.
2024-04-25 11:00:01 +01:00
Tobias Eigen 72b83b6435
improved description of personal_message_enabled_groups (#26680)
Made another effort to improve the description of the personal_message_enabled _groups site setting, to clarify who can already create and reply to messages no matter which groups are specified in this setting.
2024-04-24 05:52:03 -07:00
David Taylor dcd994a9f1
DEV: Drop workbox dependency (#26735)
This service-worker caching functionality was disabled by default in 1c58395bca, and the setting to re-enable was marked as experimental. Now we are dropping all the related logic.
2024-04-24 10:19:12 +01:00
David Taylor bca855f239
FIX: Improve handling of 'PublicExceptions' when bootstrap_error_pages enabled (#26700)
- Run the CSP-nonce-related middlewares on the generated response

- Fix the readonly mode checking to avoid empty strings being passed (the `check_readonly_mode` before_action will not execute in the case of these re-dispatched exceptions)

- Move the BlockRequestsMiddleware cookie-setting to the middleware, so that it is included even for unusual HTML responses like these exceptions
2024-04-24 09:40:13 +01:00
Alan Guo Xiang Tan 25bcee43c6
FIX: 404 when visiting theme setting objects editor for theme component (#26733)
This commit fixes a bug where the server returns a 404 response code if
a user visits the URL to edit a objects type theme setting directly.
2024-04-24 15:34:57 +08:00
Martin Brennan c791346088
FEATURE: Rate limit common AI bots crawlers by default (#26731)
This commit adds the most common AI bot crawlers seen
on our hosting (claudebot, gptbot, anthropic-ai, brightbot)
to our `slow_down_crawler_user_agents` and `crawler_user_agents`
site settings by default.

This means these AI bots will be rate limited by default instead
of site admins having to remember to do it for themselves.
2024-04-24 12:01:42 +10:00
Discourse Translator Bot dde1132a28
Update translations (#26713) 2024-04-23 16:22:27 +02:00
Krzysztof Kotlarek e1d9fd479f
FEATURE: after wizard admin is redirected to the guide page (#26696)
After the wizard is completed, the admin should be redirected to the admin guide topic.

Also tooltip from "Getting started" button was removed.
2024-04-23 10:04:15 +10:00
Ted Johansson 9e31135eca
FEATURE: Allow users to sign in using LinkedIn OpenID Connect (#26281)
LinkedIn has grandfathered its old OAuth2 provider. This can only be used by existing apps. New apps have to use the new OIDC provider.

This PR adds a linkedin_oidc provider to core. This will exist alongside the discourse-linkedin-auth plugin, which will be kept for those still using the deprecated provider.
2024-04-19 18:47:30 +08:00
Martin Brennan dbcefcf85e
FEATURE: Show additional filter links in admin sidebar for no results (#26672)
When the user sees no results in their admin sidebar query,
we are adding two additional links:

* "Search site settings" - Navigates to the site settings page
  with the filter prefilled in the search
* "Admin user list" - Navigates to the user list with the filter
  prefilled in the username search

This will bridge the gap until we have a full admin-wide search.

Also make admin site setting search param refresh on filter changes

---------

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2024-04-19 10:55:17 +10:00
Martin Brennan 99d22c85ae
FEATURE: Make admin sidebar keywords translateable (#26657)
This commit ensures that additional keywords for admin
sidebar links (which are also stored in the admin sidebar state
manager) are translated with I18n, which was discussed
in https://meta.discourse.org/t/introducing-experimental-admin-sidebar-navigation/289281/58?u=martin

This also changes the admin sidebar state manager keywords to
not be a TrackedObject -- this is not necessary as keywords are
only set once, and it was causing rendering issues because
the keywords were being set at the same time they were read.

Finally this adds a "theme" keyword to the "Components" link
because we often refer to components as Theme Components

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2024-04-18 16:14:11 +10:00
Krzysztof Kotlarek 98fc614162
FEATURE: mandatory fields for group site setting (#26612)
Automatically add `moderators` and `admins` auto groups to specific site settings.

In the new group-based permissions systems, we just want to check the user’s groups since it more accurately reflects reality

Affected settings:
- tag_topic_allowed_groups
- create_tag_allowed_groups
- send_email_messages_allowed_groups
- personal_message_enabled_groups
- here_mention_allowed_groups
- approve_unless_allowed_groups
- approve_new_topics_unless_allowed_groups
- skip_review_media_groups
- email_in_allowed_groups
- create_topic_allowed_groups
- edit_wiki_post_allowed_groups
- edit_post_allowed_groups
- self_wiki_allowed_groups
- flag_post_allowed_groups
- post_links_allowed_groups
- embedded_media_post_allowed_groups
- profile_background_allowed_groups
- user_card_background_allowed_groups
- invite_allowed_groups
- ignore_allowed_groups
- user_api_key_allowed_groups
2024-04-18 08:53:52 +10:00
Krzysztof Kotlarek df373d90fe
FEATURE: direct link to components for admin sidebar (#26644)
To add a components link to the sidebar refactoring was required to create unique URLs for themes and components. Before the query param was used. After changes, we have two URLs `/admin/customize/themes` and `/admin/customize/components`.
2024-04-17 11:45:59 +10:00
Discourse Translator Bot 8346f4a1e6
Update translations (#26651) 2024-04-16 17:37:49 +02:00
Natalie Tay 1fea2bf1c5
FEATURE: Merge user associated accounts, favouring the target user upon conflict (#26645) 2024-04-16 17:37:33 +08:00
Martin Brennan 380e5ca6cb
DEV: Move more service code to core (#26613)
This is to enable :array type attributes for Contract
attributes in services, this is a followup to the move
of services from chat to core here:

cab178a405

Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2024-04-12 13:14:19 +02:00
Martin Brennan 973a0028b4
FEATURE: Bulk topic tagging allowing restricted operations on sole categories (#26602)
The bulk actions menu for topics has multiple options to work
with tags on topics (append, replace, remove). Our tagging system
along with categories allows for some complicated tag restrictions
to be applied via tag groups. This was a problem for the topic bulk
actions because you couldn't append restricted tags to topics.

This commit allows restricted tags to be used in bulk tagging actions
as long as all selected topics are for a sole category. The category
information will be shown in the modal, and the category ID is used
for the tag search.
2024-04-12 13:10:14 +10:00
Blake Erickson 334a2f216f
FEATURE: User Notifications Links Page (#26609) 2024-04-11 15:54:28 -06:00
David Taylor 3733db866c
DEV: Introduce default 'auto' mode for glimmer header (#26467)
This will automatically enable the glimmer header when all installed themes/plugins are ready. This replaces the old group-based site setting.

In 'auto' mode, we check for calls to deprecated APIs (e.g. decorateWidget) which affect the old header. If any are present, we stick to the old header implementation and print a message to the console alongside the normal deprecation messages.

To override this automatic behavior, a new `glimmer_header_mode` site setting can be set to 'disabled' or 'enabled'.

This change also means that our test suite is running with the glimmer header. This unveiled a couple of small issues (e.g. some incorrect `aria-*` and `alt` text) which are now fixed. A number of selectors had to be updated to ensure the tests were clicking the actual `<button>` elements rather than the surrounding `<li>` elements.
2024-04-10 14:35:54 +01:00
Ella E 002ff94ded
UX: Display JIT when user list is empty (#26579)
* UX: Display JIT when user list is empty

* UX: Remove empty state heading

* DEV: add spacing by enclosing empty state body in <p> tag
2024-04-09 13:52:21 -06:00
Blake Erickson 72ac675e4e
FEATURE: Consolidate link notifications (#26567)
Just like we have for consolidating likes this adds similar
functionality for consolidating links.
2024-04-09 11:53:37 -06:00
Discourse Translator Bot 7f802e9c42
Update translations (#26575) 2024-04-09 18:48:44 +02:00
Krzysztof Kotlarek 0085365459
FEATURE: confirmation when a public section is updated (#26546)
Display additional confirmation when:
- The public section is going to be updated;
- The public section is going to be deleted;
- The public section is going to be marked as private.
2024-04-09 09:58:30 +10:00
Gerhard Schlager 815cfa1d47
DEV: Reduce the usage of "(s)" in strings (#26566)
It's mostly fine to use the plural form instead of writing something like "topic(s)" when one or more topics could be meant, but the actual count is not known.

This also removes some unused strings from the locale files.
2024-04-08 21:39:15 +02:00
Gerhard Schlager 74ac143c3c
DEV: Correctly pluralize strings (#26565) 2024-04-08 21:24:54 +02:00
Alan Guo Xiang Tan fbfeb5d6d0
DEV: Remove unused `/u/<:username>/preferences/categories` route (#26548)
This commmit removes the unused `/u/:username/preferences/categories`
route which was merged into the `/u/:username/preferences/tracking`
route in 2fc2d7d828.
2024-04-08 12:59:48 +08:00
Krzysztof Kotlarek 3ce386c22f
FEATURE: enable new admin sidebar by default (#26391)
By default, enable the new admin sidebar.
In addition, migration was created for old sites to keep the old admin panel.
2024-04-08 09:57:27 +10:00
Blake Erickson 8da49b5664
FEATURE: Add message to bulk close topics (#26535)
This will allow you to type a single message when bulk closing topics
that will be applied to every topic, that way they all have the same
message.
2024-04-05 14:56:52 -06:00
Joffrey JAFFEUX 9c38ff7b38
UX: better copy for reminder set (#26534) 2024-04-05 17:42:53 +02:00
Martin Brennan d6c30a54d7
DEV: Added docs for additional site setting types (#26530)
I left out a few setting types that are not used much
(e.g. value_list) for now, we may remove them.
2024-04-05 16:20:56 +10:00
Martin Brennan 67a8080e33
FEATURE: Redesigned bookmark modal and menu (#23071)
Adds the new quick menu for bookmarking. When you bookmark
a post (chat message behaviour will come later) we show this new quick
menu and bookmark the item straight away.

You can then choose a reminder quick option, or choose Custom... to open
the old modal. If you click on an existing bookmark, we show the same quick menu
but with Edit and Delete options.

A later PR will introduce a new bookmark modal, but for now we
are using the old modal for Edit and Custom... options.
2024-04-05 09:25:30 +10:00
Gerhard Schlager 82c62fe44f
DEV: Correctly pluralize error messages (#26469) 2024-04-04 15:02:09 +02:00
Alan Guo Xiang Tan a440e15291
DEV: Remove `experimental_objects_type_for_theme_settings` site setting (#26507)
Why this change?

Objects type for theme settings is no longer considered experimental so
we are dropping the site setting.
2024-04-04 12:01:31 +08:00
Tobias Eigen f40d94af89
updated bootstrap site setting to refer to getting started button (#26505)
To remove the Getting Started button manually, you have to disable bootstrap mode by setting bootstrap_mode_min_users to 0. I clarified this in the description for the setting.
2024-04-03 16:58:02 -07:00
Penar Musaraj 8e10a8a5e2
DEV: Update copy for topic timeline tip (#26494) 2024-04-03 13:55:05 -04:00
Penar Musaraj c4e8221d7e
UX: Improvements to user tips (#26480)
- Add a "Skip tips" button to first notification tip
- Add a "Skip tips" button to the admin guide tip
- Fixes the timeline tip showing when no timeline was present
- Fixes post menu tip showing when no "..." button is present
- Adds system tests
- Marks each tip as seen as soon as it is displayed so that refreshing,
clicking outside, etc. won't show it again
- Change just above means we no longer need a MessageBus track

Co-authored-by: Bianca Nenciu <nbianca@users.noreply.github.com>
2024-04-03 11:43:56 -04:00
Krzysztof Kotlarek ba04fc6a01
FEATURE: ignore manually deactivated users when purging (#26478)
When a user is manually deactivated, they should not be deleted by our background job that purges inactive users.

In addition, site settings keywords should accept an array of keywords.
2024-04-03 14:06:31 +11:00
Kris b35da59865
UX: adjustments for experimental bulk select menu (#26474) 2024-04-02 18:01:21 -04:00
Discourse Translator Bot 51006b5591
Update translations (#26463) 2024-04-02 18:19:46 +02:00
Joffrey JAFFEUX bd85dc40a0
UX: changes defer copy to mark unread (#26468) 2024-04-02 17:45:11 +02:00
Penar Musaraj 1eb70973a2
DEV: allow themes to render their own custom homepage (#26291)
This PR adds a theme modifier and route so that custom themes can opt to show their own homepage. See PR description for example usage.
2024-04-02 11:05:08 -04:00
Vinoth Kannan cd43985de0
UX: rename the word "Upgrade" to "Update" in the UI. (#26396)
In this PR, all references in the UI to the word "`upgrade`" are changed to "`update`". This is to differentiate the update process in self-hosted sites from the plan "upgrade" process in hosted sites.

Follow-up to the PR: https://github.com/discourse/docker_manager/pull/208
2024-04-02 20:04:37 +05:30
Joffrey JAFFEUX c76b10ec22
UX: tweaks enable defer setting copy (#26465) 2024-04-02 15:44:25 +02:00
Alan Guo Xiang Tan 9182501366
DEV: Introduce `maxmind_mirror_url` GlobalSetting (#26458)
Why this change?

This allows downloading the MaxMind databases from a mirror in cases
where downloading directly from MaxMind's API endpoint is problematic
due to API limits.
2024-04-02 14:53:53 +08:00
Alan Guo Xiang Tan 6c1b320e2e
DEV: Fix case inconsistency in translation file (#26456)
Why this change?

Our translation files use the snake case convention.
2024-04-02 14:39:46 +08:00
GuteLaune a2c08e8159
Fix typo (#26437) 2024-03-30 11:50:59 -07:00
Blake Erickson ba806eec74
DEV: Various bulk-select dropdown tweaks (#26424)
* DEV: Various bulk-select dropdown tweaks

- Setting is no longer hidden
- descriptions have been moved to the modal
- Removed ... from one of the dropdown titles
2024-03-29 12:29:24 -06:00
jbrw 74d55f14fe
DEV: Add skip_email_bulk_invites hidden site setting (#26430)
This adds a hidden site setting of `skip_email_bulk_invites`

If set to `true`, the `BulkInvite` job will pass the value to `Invite`, meaning the generated invite wont trigger an email notification being sent to the newly invited user.

(This is useful if you want to manage the sending of the invite emails outside of Discourse.)
2024-03-29 13:22:00 -04:00
Tobias Eigen 95e4b53aab
Improved description of `allow_anonymous_likes` (#26269)
improved description of  `allow_anonymous_likes` setting so it no longer refers to not-logged-in-users
2024-03-29 06:08:12 -07:00
Tobias Eigen 140b9f556c
update desc of personal message enabled groups setting (#26296)
The personal message enabled groups site setting is overridden by the group interaction settings for specifying who is allowed to write to groups. This was not clearly explained in the description here and I think I fixed it!
2024-03-29 06:07:48 -07:00
Tobias Eigen 36b0d5c2ae
removed link to TOS from community guidelines (#26326)
Not all sites will want to have a terms of service page, so we do not want to link to it from the community guidelines.
2024-03-29 06:07:09 -07:00
Alan Guo Xiang Tan a670d6d4af
DEV: Change group type to groups type for theme object schema (#26417)
Why this change?

This is a follow-up to 86b2e3a.

Basically, we want to allow people to select more than 1 group as well.

What does this change do?

1. Change `type: group` to `type: groups` and support `min` and `max`
   validations for `type: groups`.

2. Fix the `<SchemaThemeSetting::Types::Groups>` component to support the
   `min` and `max` validations and switch it to use the `<GroupChooser>` component
   instead of the `<ComboBoxComponent>` component which previously only supported
   selecting a single group.
2024-03-28 22:05:48 +08:00
Martin Brennan e04b35a184
FIX: Hide footgun max_notifications_per_user site setting (#26414)
It's not really intentional to have regular admins change
this in all but pathological cases. It deletes all notifications
over this threshold for users without warning. If admins
really want to turn this on, they can do it via the app.yml file
2024-03-28 14:42:22 +10:00
Alan Guo Xiang Tan 69af29cc40
DEV: Add a test to ensure that our SMTP settings are correct (#26410)
Why this change?

This is a follow up to 897be75941.

When updating `net-smtp` from `0.4.x` to `0.5.x`, our test suite passed
but the error `ArgumentError: SMTP-AUTH requested but missing user name`
was being thrown in production leading to emails being failed to send
out via SMTP.

This commit adds a test to ensure that our production SMTP settings will
at least attemp to connect to an SMTP server.
2024-03-28 10:18:19 +08:00
Alan Guo Xiang Tan 9d94cee898
DEV: Drop unused cloud66 configuration files (#26409)
Why this change?

These files were added 10 years ago and are no longer maintained or
relevant. Please see https://github.com/discourse/discourse/blob/main/docs/INSTALL-cloud.md
instead.
2024-03-28 09:19:20 +08:00
Daniel Waterworth 897be75941 FIX: Don't set smtp authentication type when there's no user or password
... otherwise net-smtp, starting with 0.5.0, complains.
2024-03-27 14:20:29 -05:00
Angus McLeod 7dc552c9cc
DEV: Add `import_embed_unlisted` site setting (#26222) 2024-03-27 08:57:43 -04:00
Osama Sayegh 0b34b4cbe9
DEV: Better error message when user is not allowed to user tags (#26380)
When a topic fails to be created due to the user not having permission to add tags to the topic, the error message that you get is `There was an error tagging the topic` which is very generic and doesn't explain where/what the problem is. This commit adds a clearer error message for this scenario.
2024-03-27 12:57:10 +03:00
David Taylor 1cc8c72a98
DEV: Consolidate experimental 'Link' header implementations (#26377)
This commit removes the 'experimental_preconnect_link_header' site setting, and the 'preload_link_header' site setting, and introduces two new global settings: early_hint_header_mode and early_hint_header_name.

We don't actually send 103 Early Hint responses from Discourse. However, upstream proxies can be configured to cache a response header from the app and use that to send an Early Hint response to future clients.

- `early_hint_header_mode` specifies the mode for the early hint header. Can be nil (disabled), "preconnect" (lists just CDN domains) or "preload" (lists all assets).
- `early_hint_header_name` specifies which header name to use for the early hint. Defaults to "Link", but can be changed to support different proxy mechanisms.
2024-03-27 09:06:50 +00:00
Krzysztof Kotlarek 0932b146d9
FEATURE: the ability to expand/collapse all admin sections (#26358)
By default, admin sections should be collapsed.
In addition, a button to expand/collapse all sections has been added.
2024-03-27 14:42:06 +11:00
Alan Guo Xiang Tan 476d91d233
DEV: Change category type to categories type for theme object schema (#26339)
Why this change?

This is a follow-up to 86b2e3aa3e.

Basically, we want to allow people to select more than 1 category as well.

What does this change do?

1. Change `type: category` to `type: categories` and support `min` and `max`
   validations for `type: categories`.

2. Fix the `<SchemaThemeSetting::Types::Categories>` component to support the
   `min` and `max` validations and switch it to use the `<CategorySelector>` component
   instead of the `<CategoryChooser>` component which only supports selecting one category.
2024-03-27 10:54:30 +08:00
Sam e765e84941
DEV: allow developers to use HTTPS if they wish (#26384)
Warning is getting tiring on local and I have https://l.discourse working just fine (tm)
2024-03-27 10:48:04 +11:00
David Taylor 312a5ead1f
DEV: Add Google-InspectionTool as a crawler user agent (#26375)
This user-agent is sent when URLs are inspected via the UI of Google's search console. It makes sense for us to serve it the same content as other bots, including GoogleBot.
2024-03-26 15:56:36 +00:00
Discourse Translator Bot f2a781bcd0
Update translations (#26368) 2024-03-26 16:30:01 +01:00
David Taylor 3329484e2d
FEATURE: Simplify crawler content for non-canonical post URLs (#26324)
When crawlers visit a post-specific URL like `/t/-/{topic-id}/{post-number}`, we use the canonical to direct them to the appropriate crawler-optimised paginated view (e.g. `?page=3`).

However, analysis of google results shows that the post-specific URLs are still being included in the index. Google doesn't tell us exactly why this is happening. However, as a general rule, 'A large portion of the duplicate page's content should be present on the canonical version'.

In our previous implementation, this wasn't 100% true all the time. That's because a request for a post-specific URL would include posts 'surrounding' that post, and won't exactly conform to the page boundaries which are used in the canonical version of the page. Essentially: in some cases, the content of the post-specific pages would include many posts which were not present on the canonical paginated version.

This commit aims to resolve that problem by simplifying the implementation. Instead of rendering posts surrounding the target post_number, we will only render the target post, and include a link to 'show post in topic'. With this new implementation, 100% of the post-specific page content will be present on the canonical paginated version, which will hopefully mean google reduces their  indexing of the non-canonical post-specific pages.
2024-03-26 15:18:46 +00:00
Alan Guo Xiang Tan ef99b97ea7
DEV: Load theme objects typed setting metadata when routing to editor (#26354)
Why this change?

Previously, we were preloading the necessary metadata for
`adminCustomizeThemes.show.schema` route in the
`adminCustomizeThemes.show` route. This is wasteful because we're
loading data upfront when the objects setting editor may not be used.

This change also lays the ground work for a future commit where we need
to be shipping down additional metadata which may further add to the
payload.
2024-03-26 14:02:05 +08:00
Alan Guo Xiang Tan 8a6e43a3d4
FIX: Fix broken translation in tags input field objects setting editor (#26340)
Why this change?

When a property of `type: tags` is required, we should be displaying the
"at least 1 tag is required" validation error message when there are no
tags selected in the `TagChooser` compoment. However, we were passing
`this.min` as the `count` attribute when generating the translation
string which is incorrect as `this.min` is not always set.
2024-03-25 16:06:32 +08:00
David Taylor 4a7e69d8ee
UX: Include message when crawler content is omitted (#26325)
To improve performance, we omit the basic-HTML version of pages when users are logged in, or when they are using a modern mobile device. This can be confusing when analysing the SEO of sites, so this commit adds a short static message when content is omitted.
2024-03-22 17:24:57 +00:00
Kris 9cadc402e6
UX: add title attribute to composer preview image controls (#26301) 2024-03-22 09:49:10 -04:00