Commit Graph

10959 Commits

Author SHA1 Message Date
Alan Guo Xiang Tan d875e6e998
UX: Fix edit tags/categories navigation menu modal has no focus on input (#22237)
What this change?

When a user opens the modal to edit tags or categories for the
navigation menu, we want to input filter to have focus. This commit
fixes that by doing the following:

1. Changes <DModal> component such that it prioritises elements with the
   autofocus attribute first.
2. Adds `autofocus` to the input elements on the edit tags/categories
   modal form.
2023-06-22 09:56:12 +08:00
Mark VanLandingham 6d9568a9a2
DEV: Remove network_disconnected_spec.rb (#22233) 2023-06-21 14:58:31 -05:00
Penar Musaraj 47ab7eb49a
FIX: Staged user creation loses user custom field data (#22206)
Don't cache user_fields on users separately from custom_fields, since they can get out of sync.

---------

Co-authored-by: Daniel Waterworth <me@danielwaterworth.com>
2023-06-21 12:35:24 -05:00
Mark VanLandingham 114a9a10b7
DEV: Add spec for notification data modifier (#22223) 2023-06-21 08:57:25 -05:00
Alan Guo Xiang Tan f5af4936d4
FIX: Site's top tags not shown for anonymous user (#22219)
When a site does not have `default_navigation_menu_tags`
site setting set, anonymous users should be shown the site's top tags as
a default in the tags section. However, this regressed in 9fad71809c
and we ended up showing anonymous users a tags section with only the
`All Tags` section link.

As part of this commit, I have also refactored the QUnit acceptance
tests to system tests which are much easier to work with.
2023-06-21 14:37:40 +08:00
Alan Guo Xiang Tan 547b520261
FEATURE: Add deslect all and reset to defaults btn edit nav menu modal (#22218)
What does this change do?

This change adds the deselect all and reset to defaults buttons to the
edit navigation menu tags modal. The deselect all button when
clicked deselects all the selected tags in the modal. If the user
saves with no tags selected, the user's tags section in the
navigation menu will be set to the site's top tags.

The reset to defaults button is only shown when the
`default_navigation_menu_tags` site setting has been configured.
When clicked, the user's tags section in the navigation menu is
automatically set to the tags defined by the
`default_navigation_menu_tags` site setting.
2023-06-21 12:45:48 +08:00
Krzysztof Kotlarek a64cb948ed
FIX: update unread and new count for categories (#22145)
There is a problem that unread and new count is not updated to reflecting topicTrackingState.

It is because discourseComputed on Category is not working properly with topicTrackingState. Moving it to component level is making counter reliable.
2023-06-21 13:42:30 +10:00
Alan Guo Xiang Tan 609562be3e
FEATURE: Add input filter for editing tags in navigation menu modal (#22216)
What does this change do?

This commit adds an input filter to filter through the tag checkboxes in the
modal to edit tags that are shown in the user's navigation menu. The
filtering is a simple matching of the given filter term against the
names of the tags.
2023-06-21 10:59:56 +08:00
Alan Guo Xiang Tan 08d8bd9f43
FEATURE: Add modal for editing tags in navigation menu (#22214)
What does this change do?

This change is a first pass for adding a modal used to edit tags that appears in
the navigation menu. As the feature is being worked on in phases, it is
currently hidden behind the `new_edit_sidebar_categories_tags_interface_groups` site setting.

The following features will be worked on in future commits:

1. Input filter to filter through the tgas
2. Button to reset tag selection to default navigation menu tags site
   settings
3. Button to deselect all current selection
2023-06-21 09:09:56 +08:00
Alan Guo Xiang Tan 1987fce018
DEV: Improve skip test comment (#22215)
Why this change?

The comment consists of an output that was copied from RSpec's default
output. This has the potential to mess with systems that are parsing
RSpec's output to fetch the spec failures as those systems are usually
looking for the first occurence of `Failures:`
2023-06-21 08:09:39 +08:00
Keegan George 75e711284a
DEV: Add custom error messages to form template forms (#22169) 2023-06-20 13:45:58 -07:00
Andrei Prigorshnev c5c043d9e2
DEV: support nil values in the eq_time matcher (#22116)
We use it like this:

    expect(message.created_at).to eq_time(created_at)

The problem is that if one of the values or both of them are `nil` the matcher fails 
with this error:

    NoMethodError: undefined method `-' for nil:NilClass

This commit adds support for `nil` values. If both time values are `nil` they are equal, 
if only one value is `nil` they aren't.
2023-06-20 19:06:40 +04:00
Martin Brennan fc199d42fa
FIX: Add aria-label attribute to cooked hashtags (#22182)
This commit adds an aria-label attribute to cooked hashtags using
the post/chat message decorateCooked functionality. I have just used
the inner content of the hashtag (the tag/category/channel name) for
the label -- we can reexamine at some point if we want something
different like "Link to dev category" or something, but from what I
can tell things like Twitter don't even have aria-labels for hashtags
so the text would be read out directly.

This commit also refactors any ruby specs checking the HTML of hashtags
to use rspec-html-matchers which is far clearer than having to maintain
the HTML structure in a HEREDOC for comparison, and gives better spec
failures.

c.f. https://meta.discourse.org/t/hashtags-are-getting-a-makeover/248866/23?u=martin
2023-06-20 15:47:17 +10:00
Sam 9e241e82e9
DEV: use HTML5 version of loofah (#21522)
https://meta.discourse.org/t/markdown-preview-and-result-differ/263878

The result of this markdown had different results in the composer preview and the post. This is solved by updating Loofah to the latest version and using html5 fragments like our user had reported. While the change was only needed in cooked_post_processor.rb for this fix, other areas also had to be updated due to various side effects.
2023-06-20 09:49:22 +08:00
Alan Guo Xiang Tan 289d2a5540
DEV: Deselect all and reset to defaults btns to edit categories modal (#22143)
What does this change do?

This change adds the deselect all and reset to defaults buttons to the
edit navigation menu categories modal. The deselect all button when
click deselects all the selected categories in the modal. If the user
saves with no categories selected, the user's categories section in the
navigation menu will be set to the site's top categories.

The reset to defaults button is only shown when the
`default_navigation_menu_categories` site setting has been configured.
When clicked, the user's categories section in the navigation menu is
automatically set to the categories defined by the
`default_navigation_menu_categories` site setting.
2023-06-20 08:17:53 +08:00
Vinoth Kannan 19133af057
FIX: don't add "Re:" prefix in email subject for first post of group PMs. (#22175)
Previously, it will add a "Re:" prefix to all the emails passing through the group SMTP mailer. It's creating confusion while receiving the mail for the first time on a PM.
2023-06-19 18:52:00 +05:30
Alan Guo Xiang Tan 57c96ed03d
FIX: Broken group messages inboxes when group name is mixed case (#22183)
This is a follow up to 1cbc65ba79 where
visiting a group with a mixed case name would result in an error.
2023-06-19 17:36:04 +08:00
Krzysztof Kotlarek 8837ee4b39
FIX: small bug with topics and my posts translations (#22179)
1. `everything` was changed to `topics`
2. Path for my posts translation is `sidebar.sections.community.links.my_posts.content` not `sidebar.sections.community.links.my/posts.content`
2023-06-19 17:51:33 +10:00
Alan Guo Xiang Tan 626eda4c91
DEV: Don't hardcode timeout for `SystemHelpers#try_until_success` (#22180)
Different environments run on different hardware so response times vary
based on hardware. Instead of hardcoding the timeout for
`SystemHelpers#try_until_success` to 2 seconds, we change it such that
it follows `Capybara.default_wait_timeout` which we have configured to
be higher in environments which runs on lousier hardware.

This change should reduce the amount of flakiness we're seeing on CI
with tests that rely on `SystemHlpers#try_until_success`.
2023-06-19 10:58:36 +08:00
Juan David Martínez Cubillos 93e5272223
FIX: Incompatibility between default_composer_category and default_subcategory_on_read_only_category (#22165) 2023-06-16 15:56:25 -05:00
David Taylor f8ea5b1136
DEV: Update TranslateAccelerator missing translation string (#22158)
Upstream added a capital 'T' to the 'Translation missing' message in https://github.com/ruby-i18n/i18n/commit/c5c6e753f3. This caused our translate accelerator patch to diverge, and the change in case affected a number of our specs. This commit updates the translate accelerator to match the upstream casing, and introduces a spec to detect future divergence.
2023-06-16 15:28:03 +01:00
Alan Guo Xiang Tan d60c90aef1
DEV: Change `have_section_link` match to use exact text match. (#22148)
Today I learnt that `has_link?("text of link")` by default does an
includes instead of looking for a link with the exact text. This is not
the behaviour I want so I'm changing
`PageObjects::Components::Sidebar.has_section_link?` to use the
`exact_text` option instead.
2023-06-16 16:36:34 +08:00
Martin Brennan 9174716737
DEV: Remove Discourse.redis.delete_prefixed (#22103)
This method is a huge footgun in production, since it calls
the Redis KEYS command. From the Redis documentation at
https://redis.io/commands/keys/:

> Warning: consider KEYS as a command that should only be used in
production environments with extreme care. It may ruin performance when
it is executed against large databases. This command is intended for
debugging and special operations, such as changing your keyspace layout.
Don't use KEYS in your regular application code.

Since we were only using `delete_prefixed` in specs (now that we
removed the usage in production in 24ec06ff85)
we can remove this and instead rely on `use_redis_snapshotting` on the
particular tests that need this kind of clearing functionality.
2023-06-16 12:44:35 +10:00
Sérgio Saquetim 4b22e67c8b
DEV: Added modifier to change mentions extracted from cooked text (#21654)
Added a new modifier hook to allow plugins to modify the @mentions
extracted from a cooked text.

Use case: Some plugins may change how the mentions are cooked to prevent
them from being confused with user or group mentions and display the user
card.

This modifier hook allows the plugin to filter the mentions detected or add new ways
to add mentions into cooked text.
2023-06-15 10:52:52 -03:00
Krzysztof Kotlarek 959c50001d
FIX: rename everything link to topics (#22076)
Rename everything link in community sidebar section to topics, which is
a bit more descriptive.
2023-06-15 11:36:38 +10:00
Krzysztof Kotlarek 2effcaa0f9
FIX: Update sidebar to be navigation menu (#22101)
Communities can use sidebar or header dropdown, therefore navigation menu is a better name settings in 2 places:

- Old user sidebar preferences;
- Site setting about default tags and categories.
2023-06-15 09:31:28 +10:00
Keegan George 9dc63c0755
UX: Add required indicator to fields with `required` validation (#22096) 2023-06-14 11:25:05 -07:00
Juan David Martínez Cubillos 8b39125985
FEATURE: Implement max_tags_per_email_subject (#22050)
* FEATURE: Implement max_tags_per_email_subject

* made it so only max_tags_per_email_subject is responsible for tags in emails when the feature is enabled

* added locales for implemented siteSettings

* reworded locale for enable_max_tags_per_email_subject

* added min value for max_tags_per_email_subject

* Implemented suggested changes to spec description
2023-06-14 12:22:14 -05:00
Selase Krakani 2652354da3
FIX: Moderator(non-admin staff user) group visibility scope queries (#22109)
Currently, groups owned by moderators are not visible to them on the
groups page. This happens because, the group visibility queries don't
account for non-admin staff user group ownership.

This change updates the group visibility scope queries to account for a
moderator(non-admin staff user) group ownership.
2023-06-14 15:25:45 +00:00
Natalie Tay 3fe06bba9d
FIX: Allow half-merged user to be accessed in admin UI (#22105) 2023-06-14 19:19:12 +08:00
Ted Johansson a674c6c4c2
DEV: Update username in new quote format - Part 1 (#22032)
When we introduced the new quote format with full-name display name:

```
[quote="Ted Johansson, post:1, topic:2, username:ted"]
we overlooked the code responsible for rewriting quotes when a user's name is changed.
```

The functional part of this change adds support for the new quote format in the code that updates quotes when a user's username changes. See the test case in `spec/services/username_changer_spec.rb` for the details.

In addition, this change adds a regression test for PrettyText to cover the new quote format, and extracts the code responsible for rewriting raw and cooked quotes into its own `QuoteRewriter` class. The functionality of the latter is tested through the tests in `spec/services/username_changer_spec.rb`.
2023-06-14 16:14:11 +08:00
Sam eb603b246b
PERF: limit anonymization to 1 per cluster (#21992)
Anonymization is among the most expensive operations we can perform with
extreme potential to impact the database. To mitigate risk we only allow a
single anonymization across the entire cluster concurrently.

This commit introduces support for `cluster_concurrency 1`. When you set that on a Job it will only allow 1 concurrent execution per cluster.
2023-06-14 08:30:23 +10:00
Jarek Radosz dae3970bad
DEV: Fix random typos (#22078)
Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
2023-06-13 22:02:21 +02:00
Roman Rizzi 8938ecabc2
FEATURE: Custom content summarization strategies. (#21813)
* FEATURE: Content custom summarization strategies.

This PR establishes a pattern for plugins to register alternative ways of summarizing content by extending a class that defines an interface.

Core controls which strategy we'll use and who has access to it through the `summarization_strategy` and `custom_summarization_allowed_groups`. It also defines the UI for summarizing topics.

Other plugins can access this summarization mechanism and implement their features, removing cross-plugin customizations, as it currently happens between chat and the discourse-ai plugin.

* Group membership validation and rate limiting

* Work with objects instead of classes

* Port summarization feature from discourse-ai to chat

* Rename available summaries to 'Top Replies' and 'Summary'
2023-06-13 14:21:46 -03:00
Blake Erickson dcceb91000
SECURITY: Prevent dismissal of topics that user can't see (#22086)
Co-authored-by: OsamaSayegh <asooomaasoooma90@gmail.com>
2023-06-13 11:08:55 -06:00
Blake Erickson 644dded000
SECURITY: Use canonical url for topic embeddings (#22085)
This prevents duplicate topics from being created when using embed_urls
that only differ on query params.
2023-06-13 11:08:08 -06:00
Blake Erickson 56b74e6042
SECURITY: Limit ThemeField value length to prevent DoS (#22087)
Co-authored-by: Daniel Waterworth <me@danielwaterworth.com>
2023-06-13 12:07:47 -05:00
Régis Hanol 4cb3412a56
PERF: improve `findAllMatches` speed (#22083)
When we introduced unicode support in the regular expressions used in watched words (9a27803) we didn't realize the cost adding the `u` flag would be.

Turns out, it's pretty bad when you have lots of regular expressions to test. A customer had slightly less than 200 watched words, and it would freeze the browser for about 2s on the first check of those regular expressions (roughly 10ms per regular expression).

This commit introduces a new field (`word`) to the serialized watched words which is then converted to a very fast and cheap regular expression on the client-side. We use that regexp to quicly check whether a matcher is even worth trying so that we don't incure the cost of compiling the expensive unicode regexp.

This commit also busts the `WordWatcher` cache since we added a new field to be serialized.

One nice side effect of using `matchAll` instead of a `while / exec` loop is that the likeliness of having a bad regexp matching infinitely is vastly reduced 🙌
2023-06-13 18:34:28 +02:00
Loïc Guitaut 5257c80064 DEV: Set limits on custom fields
This patch sets some limits on custom fields:
- an entity can’t have more than 100 custom fields defined on it
- a custom field can’t hold a value greater than 10,000,000 characters

The current implementation of custom fields is relatively complex and
does an upsert in SQL at some point, thus preventing to simply add an
`ActiveRecord` validation on the custom field model without having to
rewrite a part of the existing logic.
That’s one of the reasons this patch is implementing validations in the
`HasCustomField` module adding them to the model including the module.
2023-06-13 11:47:21 +02:00
Jarek Radosz e6f8897450
DEV: Try to de-flake topic page specs (#22065) 2023-06-13 11:05:19 +02:00
Krzysztof Kotlarek 4270ab932a
FIX: change dismiss new button label (#22075)
Button which is opening modal to dismiss topics should be "Dismiss…"
2023-06-13 13:18:39 +10:00
Jarek Radosz 843287d584
DEV: Increase topic_page_spec wait time (#22063) 2023-06-12 15:16:08 +02:00
Jarek Radosz b7568ea4a5
FIX: TOC anchors in a subfolder setup (#21985)
Clicking on TOC heading anchors in a subfolder setup was breaking the current URL for users.

Other than the fix this change introduces the ability to test the subfolder setup in system specs.
2023-06-12 13:59:54 +02:00
Daniel Waterworth 0cec84206e
DEV: Fix interactions between tests via plugin svg sprite cache (#22047) 2023-06-09 13:53:21 -05:00
Jean b2aa411436
FEATURE: Add new site setting type for tag-group lists (#21993)
* FEATURE: Add new site setting type for tag-group lists
2023-06-09 11:02:55 -04:00
Selase Krakani b3bb3872cf
FIX: Make serialized watched word regex Javascript compatible (#22010)
This change ensures Javascript compatible regex is serialized instead of
the default ruby based one.
2023-06-09 10:22:41 +00:00
Juan David Martínez Cubillos e08f713668
DEV: Refactored and moved Edit Directory Column tests out of directory_columns_controller_spec (#22022) 2023-06-08 18:00:01 -05:00
Bianca Nenciu 3817e08b0f
DEV: Fix test (#22018) 2023-06-08 16:12:13 -05:00
Keegan George 39efa4c32a
DEV: Create posts from form templates (#21980) 2023-06-08 12:49:18 -07:00
Bianca Nenciu 4973f0ccde
UX: Remove 'Create Topics' notice (#21958)
We are looking at simplifying the new admin/user experience and the
many notices bring unnecessary complexity.
2023-06-08 22:30:26 +03:00
Selase Krakani c45eb8a618
FIX: Create new PM notifications for `watching_first_post` groups (#21997)
At the moment, PMs to groups with default notification level set to
`watching_first_post` do not generate "emailable" notifications. This happens
because, topic user notification level which is indirectly derived
from the group's default notification level is set to `tracking` if the
group's notification level happens to be `watching_first_post`.

This leads to a `group_message_summary` notification being created
instead of a `private_message` notification which results in no email
alerts being sent when a  topic is created.

As this `watching_first_post` --> `tracking` switcheroo appears to be
intentional instead being a bug, this change extends `PostAlerter`'s
`notify_pm_users` method to create a `private_message` notification for
first posts created in a `watching_first_post` group even if the topic
user notification level is set to `tracking`
2023-06-08 17:41:44 +00:00
Bianca Nenciu ab260e70be
FEATURE: Add Mailpace webhook (#21981)
Adds Mailpace (formerly known as ohmystmp) webhook

Co-authored-by: ruq <hosch@mailbox.org>
2023-06-08 20:06:20 +03:00
Alan Guo Xiang Tan 853bce2abc
UX: Allow users to filter categories in edit sidebar categories modal (#21996)
What does this change do?

This change is a continuation of
2191b879c6 and adds an input filter to the
edit sidebar categories modal which the user can use to filter through
the list of categories by the category's name.

Note that if a child category is being shown, all of its ancestors will
be shown even if the names of the ancestors do not match the given
filter. This is to ensure that we continue to display the hierarchy of a
child category even if the parent category does not match the filter.
2023-06-08 12:54:51 +08:00
Alan Guo Xiang Tan 2191b879c6
FEATURE: Support sub-subcategories in new edit sidebar categories modal (#21994)
Why does this commit do?

This commit adds support for sub-subcategories in the new edit sidebar
categories modal added in fc296b9a81. Note
that sub-subcategories are enabled when `max_category_nesting` is set to
`3`.
2023-06-08 10:15:01 +08:00
Juan David Martínez Cubillos 5fdd3bd28a
DEV: Implement staff logs for user columns edits (#21774)
* DEV: Implement staff logs for user columns edits

* deleted extra space in staff logger detail string, deleted string when no changes are made, added basic test coverage for EditDirectoryColumnsController

* fixed change made to #self.staff_actions un UserHistory

* implemented a method that builds the details, previous_values and new_values in a dynamic way

* removed details of changes

* refactored small merge
2023-06-07 17:19:58 -05:00
Bianca Nenciu 10ee92656c
FIX: Send TL2 promotion message to correct user (#21978)
Usually, when a user is promoted to TL2 two messages are sent. The
first one is a system message 'tl2_promotion_message' which triggers a
'system_message_sent' Discourse event.

When the event is fired and if Discourse Narrative Bot is enabled, then
a second message is sent to the recipient of the first message. The
recipients was determined by looking at the list of users that can
access that topic and pick the last one. This method does not work if
'site_contact_group_name' site setting is set because it adds the group
in the list of recipients.

A solution to this problem would have been to select the last user in
the list of 'topic_allowed_users', but an even better solution is to
pass the name of the recipients when the 'system_message_sent'
Discourse event is fired.
2023-06-07 22:51:24 +03:00
Alan Guo Xiang Tan fc296b9a81
UX: First pass at edit categories navigation modal for sidebar (#21963)
What this change?

We are currently not fully satisfied with the current way to edit the
categories and tags that appears in the sidebar where the user is
redirected to the tracking preferences tab in the user's profile causing
the user to lose context of the current page. In addition, the dropdown
to select categories or tags limits the amount of information we can
display.

Since editing or adding a custom categories section is already using a
modal, we have decided to switch editing the categories and tags that
appear in the sidebar to use a modal as well.

This commit ships a first pass of the edit categories modal such that we
can keep the commit small and reviewable. The incomplete nature of the
feature is also reflected in the fact that the feature is hidden behind
a new `new_edit_sidebar_categories_tags_interface_groups` site setting.
2023-06-07 12:09:30 +08:00
Alan Guo Xiang Tan 41f8bff2c3
DEV: Remove superfluous `js: true` metadata (#21960)
Why this change?

It is very unlikely that we need to ever JS for system tests considering
that we rely on a JS framework on the frontend.
2023-06-07 09:26:58 +08:00
Martin Brennan 69eecf92d0
FIX: Use a default hashtag icon color for user with no permission (#21825)
One user can create a post or chat message with a hashtag they
have permission to use, but then when other users look at that
post they will see an empty space next to the hashtag because they
do not have the permission to load the colors in CSS classes for
the related category.

This fixes the issue by adding a default color with a special
CSS class if the user doesn't have permission to see the linked
channel/category on the hashtag.
2023-06-07 10:15:39 +10:00
Krzysztof Kotlarek af74cf5c77
FEATURE: new dismiss button for combined new and unread view (#21817)
Display modal for combined new and unread view with options:
- [x] Dismiss new topics
- [x] Dismiss new posts
- [ ] Stop tracking these topics so they stop appearing in my new list
2023-06-07 10:06:57 +10:00
Bianca Nenciu 8e8f733c94
UX: Remove title and description block if blank (#21861)
If the description is empty then it does not make sense to keep the
quote block that contains just the title.
2023-06-06 22:13:28 +03:00
Alan Guo Xiang Tan 7ef2eaa892
DEV: Fix system test assertion to avoid stale element reference error (#21944)
What is this change required?

We were seeing this error on CI

```
  1) Fast edit when editing text that has strange characters saves when paragraph contains apostrophe
     Failure/Error:
       expect(find("#{topic_page.post_by_number_selector(2)} .cooked p")).to have_content(
         "It ‘twas a great’ “day”!",
       )

     Selenium::WebDriver::Error::StaleElementReferenceError:
       stale element reference: stale element not found
         (Session info: chrome=114.0.5735.90)
```

I believe this is because the element that is "found" using `find` is
eventually re-rendered before the `have_content` matcher is called on
it.
2023-06-06 15:43:49 +08:00
Alan Guo Xiang Tan 5af2f4b888
DEV: Skip flaky network disconnected test (#21945)
Follow up to c574d7c555. Skipping the
entire file because both tests are flaky.
2023-06-06 15:39:18 +08:00
Matt Palmer a98d2a8086
FEATURE: allow S3 ACLs to be disabled (#21769)
AWS recommends running buckets without ACLs, and to use resource policies to manage access control instead.
This is not a bad idea, because S3 ACLs are whack, and while resource policies are also whack, they're a more constrained form of whack.
Further, some compliance regimes get antsy if you don't go with the vendor's recommended settings, and arguing that you need to enable ACLs on a bucket just to store images in there is more hassle than it's worth.
The new site setting (s3_use_acls) cannot be disabled when secure
uploads is enabled -- the latter relies on private ACLs for security
at this point in time. We may want to reexamine this in future.
2023-06-06 15:47:40 +10:00
Natalie Tay d2ef490e9a
FIX: Hide delete button to invite as user are unable to delete anyway (#21884)
Moderators are not allowed to delete invites that don't belong to them
2023-06-06 12:24:19 +08:00
Alan Guo Xiang Tan c574d7c555
DEV: Skip flaky system test (#21941)
Failure message on CI

```
Failures:

  1) Network Disconnected Doesn't show the offline indicator when the site setting isn't present
     Failure/Error: expect(page).to have_css("html.message-bus-offline")
       expected to find css "html.message-bus-offline" but there were no matches

     [Screenshot Image]: /__w/discourse/discourse/tmp/capybara/failures_r_spec_example_groups_network_disconnected_doesn_t_show_the_offline_indicator_when_the_site_setting_isn_t_present_764.png

     ~~~~~~~ JS LOGS ~~~~~~~
     http://localhost:31338/uploads/default/test_0/optimized/1X/_129430568242d1b7f853bb13ebea28b3f6af4e7_2_512x512.png - Failed to load resource: net::ERR_INTERNET_DISCONNECTED
     http://localhost:31338/categories - Error while trying to use the following icon from the Manifest: http://localhost:31338/uploads/default/test_0/optimized/1X/_129430568242d1b7f853bb13ebea28b3f6af4e7_2_512x512.png (Download error or resource isn't a valid image)
     ~~~~~ END JS LOGS ~~~~~

     # ./spec/system/network_disconnected_spec.rb:35:in `block (3 levels) in <main>'
     # ./spec/system/network_disconnected_spec.rb:8:in `with_network_disconnected'
     # ./spec/system/network_disconnected_spec.rb:34:in `block (2 levels) in <main>'
     # ./spec/rails_helper.rb:380:in `block (3 levels) in <top (required)>'
     # ./spec/rails_helper.rb:380:in `block (2 levels) in <top (required)>'
     # ./spec/rails_helper.rb:372:in `block (3 levels) in <top (required)>'
     # ./vendor/bundle/ruby/3.2.0/gems/timeout-0.3.2/lib/timeout.rb:189:in `block in timeout'
     # ./vendor/bundle/ruby/3.2.0/gems/timeout-0.3.2/lib/timeout.rb:196:in `timeout'
     # ./spec/rails_helper.rb:367:in `block (2 levels) in <top (required)>'
     # ./spec/rails_helper.rb:356:in `block (2 levels) in <top (required)>'
     # ./vendor/bundle/ruby/3.2.0/gems/webmock-3.18.1/lib/webmock/rspec.rb:37:in `block (2 levels) in <top (required)>'
```
2023-06-06 08:50:32 +08:00
Selase Krakani f462347e12
DEV: `PostRevisor` helper methods to track topic title and raw revisions (#21918)
Not all revisions involve changes to the actual post/topic content. We
may want to know if a revisions includes the topic title or post raw.

Specifically introducing these for use in the Akismet plugin to
conditionally queue checks.
2023-06-05 18:02:46 +00:00
Mark VanLandingham 3bfc6805ce
FEATURE: Offline indicator (#21369) 2023-06-05 11:08:04 -05:00
Blake Erickson 704a792f18
FEATURE: Add API Scope for latest posts (#21913)
Adds api scopes for

- `/posts.json`
- `/posts.rss`
- `/private-posts.json`
- `/private-posts.rss`
2023-06-05 09:04:34 -06:00
Alan Guo Xiang Tan afdf1ac7c3
DEV: Unskip supposedly flaky test (#21922)
We believe the system tests were flaky due to the problem identified in
4dd053av
2023-06-05 17:21:09 +08:00
Krzysztof Kotlarek 658b310305
FIX: simplify review community section link (#21907)
Before, the review button was shown in `primary section` when there were items to review. Otherwise, it was hidden in `more section`.

Because we are allowing admins to customize community section and reorder link, it makes sense to simplify that logic and review link should follow admin's decision.
2023-06-05 11:25:29 +08:00
Alan Guo Xiang Tan 7bd826ef11
DEV: Amend suggested topics when user has experimental new new view (#21879)
What does this change do?

Suggested topics by default are ordered in the following way:

1. Unread topics in current category of topic that is being viewed
2. Unread topics in other categories
3. New topics in current category of topics that is being viewed
4. New topics in other categories
5. Random topics

With the experimental new new view, we want to remove the concept of
read and new so that new order is as such:

1. Topics created by the current user with posts that the user has not
   read ordered by topic's bumped date
2. Topics in current category of topic with posts that the user has not
   read ordered by topic's bumped date
3. Topics in other categories with posts that the user has not read
   ordered by topic's bumped date
4. Random topics ordered by topic's bumped date
2023-06-05 08:06:43 +08:00
Osama Sayegh 6cf863080a
DEV: Eliminate flakiness in specs that depend on plugins from fixtures (#21912) 2023-06-05 08:06:00 +08:00
Blake Erickson 56ee46bf63
FEATURE: API Scope for latest.rss feed (#21906)
Adds an API scope for the `/latest.rss` route.

https://meta.discourse.org/t/188480
2023-06-02 08:28:14 -06:00
Vinoth Kannan 6409794e0f
FIX: delete synonym tags if other synonyms are already exist. (#21885)
When a topic already has multiple synonym tags of a target tag, if we try to update the "`tag_id`" column to target tag id then it will raise a unique violation error since there are multiple synonyms present in the topic. So before doing that action, we must delete the problematic tags so the topic has only one synonym tag to update.

This is not an issue when the topic has a target tag already along with synonyms.
2023-06-02 19:47:29 +05:30
Krzysztof Kotlarek 20982ef875
FIX: change Community icons (#21904)
Because of typo, icon could not be changed.
2023-06-02 11:58:54 +10:00
chapoi 9616a08fa6
UX: Add show more btn to reviewable item (#21579) 2023-06-01 11:55:27 -07:00
Alan Guo Xiang Tan 0d0ca075a6
Revert "DEV: Improve performance of system tests by disabling GPU in chrome (#21882)" (#21888)
This reverts commit 128d67ba56.

Doesn't seem to have any impact on CI
2023-06-01 22:05:04 +08:00
Alan Guo Xiang Tan 128d67ba56
DEV: Improve performance of system tests by disabling GPU in chrome (#21882)
It seems like the overhead of GPU acceleration is not worth it and is
slowing down our system tests. Locally the following command completes
in `2 minutes 8.6 seconds` with GPU disabled as compared to `2 minutes 45.4 seconds` with GPU enabled.
2023-06-01 16:59:20 +08:00
Alan Guo Xiang Tan 0494157452
DEV: Fix flaky test (#21880)
```
  1) TopicsFilter#filter_from_query_string ordering topics filter when ordering topics by creation date when query string is `order:created-invalid` should return topics ordered by the default order
     Failure/Error:
       expect(
         TopicsFilter
           .new(guardian: Guardian.new)
           .filter_from_query_string("order:#{order}-invalid")
           .pluck(:id),
       ).to eq(Topic.all.order(:id).pluck(:id))

       expected: [484, 485, 486]
            got: [486, 484, 485]
```
2023-06-01 15:47:33 +08:00
锦心 96a2893284
FEATURE: Allow expanding hidden posts for groups in SiteSetting.can_see_hidden_post (#21853)
Allow expanding hidden posts for groups in SiteSetting.can_see_hidden_post
2023-06-01 11:32:05 +08:00
Osama Sayegh c2fcd55a80
FEATURE: Serve RTL versions of admin and plugins CSS bundles for RTL locales (#21876)
Prior to this commit, we didn't have RTL versions of our admin and plugins CSS bundles and we always served LTR versions of those bundles even when users used an RTL locale, causing admin and plugins UI elements to never look as good as when an LTR locale was used. Example of UI issues prior to this commit were: missing margins, borders on the wrong side and buttons too close to each other etc.

This commit creates an RTL version for the admin CSS bundle as well as RTL bundles for all the installed plugins and serves those RTL bundles to users/sites who use RTL locales.
2023-06-01 05:27:11 +03:00
Sam c2332d7505
FEATURE: reduce avatar sizes to 6 from 20 (#21319)
* FEATURE: reduce avatar sizes to 6 from 20

This PR introduces 3 changes:

1. SiteSetting.avatar_sizes, now does what is says on the tin.
previously it would introduce a large number of extra sizes, to allow for
various DPIs. Instead we now trust the admin with the size list.

2. When `avatar_sizes` changes, we ensure consistency and remove resized
avatars that are not longer allowed per site setting. This happens on the
12 hourly job and limited out of the box to 20k cleanups per cycle, given
this may reach out to AWS 20k times to remove things.

3.Our default avatar sizes are now "24|48|72|96|144|288" these sizes were
very specifically picked to limit amount of bluriness introduced by webkit.
Our avatars are already blurry due to 1px border, so this corrects old blur.

This change heavily reduces storage required by forums which simplifies
site moves and more.

Co-authored-by: David Taylor <david@taylorhq.com>
2023-06-01 10:00:01 +10:00
Vinoth Kannan d4bfd441ba
FEATURE: display PM participant group names in the topics list. (#21677)
After this change, we can view all participant group names on the topic list page.

Co-authored-by: Régis Hanol <regis@hanol.fr>
2023-05-31 19:32:06 +05:30
Alan Guo Xiang Tan c01580298e
Revert "PERF: Client side triggering multiple requests when opening composer (#21823)" (#21858)
This reverts commit e1ba4c6b73.

Tests are flaky
2023-05-31 21:18:45 +08:00
Alan Guo Xiang Tan 4dd053a69c
DEV: Call `MessageBus.stop()` after each system test (#21848)
## What is the problem?

MessageBus by default uses long polling which keeps a connection
open for 25 seconds by default. The problem here is that Capybara does not know about these
connections being kept opened by MessageBus and hence does not know how
to stop these connections at the end of each test. As a result, the long polling MessageBus connections are kept opened by the browser and we hit chrome's limit of 6 concurrent requests per host, new request made in the browser is marked as "pending" until a request is freed up. Since we keep a MessageBus long polling connection opened for 25 seconds, our finders in Capybara end up hitting Capybara's wait time out causing the tests to fail.  

## What is the fix?

Since we can't rely on Capybara to close all the existing Capybara
connections, we manually execute a script to stop all MessageBus
connections after each system test.

```
for i in {1..10}; do
  echo "Running iteration $i"
  PARALLEL_TEST_PROCESSORS=8 CAPYBARA_DEFAULT_MAX_WAIT_TIME=10 bin/turbo_rspec --seed=34908 --profile --verbose --format documentation spec/system
  if [ $? -ne 0 ]; then
    echo "Error encountered on iteration $i"
    exit 1
  fi
done
echo "All 10 iterations completed successfully"
```

Without the fix, the script fails consistently in the first few iterations. Running in non-headless mode with the "network" tab opened will reveal the requests that are marked as pending.
2023-05-31 21:00:35 +08:00
Alan Guo Xiang Tan e1ba4c6b73
PERF: Client side triggering multiple requests when opening composer (#21823)
What is the problem?

There are two problems being fixed here:

1. When opening the composer, we are seeing multiple requests made to
   the `/composer_messages` endpoint. This is due to our use of the
   `transitionend` event on the `#reply-control` element. The event is
   fired once for each transition event and the `#reply-control` element
   has multiple transition events.

2. System tests have animations disabled so the `transitionend` event
   does not fire at all.

What is the solution?

Instead of relying on the `transitionend` event, we can instead just
observer the `composerState` property of the `ComposerBody` component
and trigger the `composer:opened` appEvent with a delay that is similar
to the transition duration used for the `ComposerBody` component.
2023-05-31 20:58:45 +08:00
Jarek Radosz 5f1e182956
DEV: Remove deprecated posts/:username/flagged (#21846) 2023-05-31 13:00:35 +02:00
Alan Guo Xiang Tan 83af25179d
DEV: Avoid waiting full capybara default wait time (#21842)
Avoid using negated matchers with custom RSpec matchers that rely on
`has_css?` as it'll result in Capybara waiting the full default wait
time.
2023-05-31 07:00:16 +08:00
Alan Guo Xiang Tan e3e7b080c6
DEV: Disable splash screen in system tests (#21840)
Why is this change required?

We had a system test failed right after visiting a URL because an
element that was supposed to be on screen isn't. In the screenshot
captured, the app was still stuck on the splash screen. We're not sure
if this has been causing flakiness in our system tests but there is no
good reason to enable splash screen which adds some overhead to each
page load.
2023-05-31 06:16:22 +08:00
Sérgio Saquetim 908117e270
DEV: Added modifier hooks to allow plugins to tweak how categories and groups are fetched (#21837)
This commit adds modifiers that allow plugins to change how categories and groups are prefetched into the application and listed in the respective controllers.

Possible use cases:

- prevent some categories/groups from being prefetched when the application loads for performance reasons.
- prevent some categories/groups from being listed in their respective index pages.
2023-05-30 18:41:50 -03:00
Keegan George 3a54f81bf4
DEV: Skip flaky form template spec (#21838) 2023-05-30 13:55:03 -07:00
Keegan George 856c4ed295
DEV: Remove skipped form template system spec (#21832)
Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2023-05-30 20:37:32 +02:00
Jarek Radosz 3569a48b2d
DEV: Rescue the timeout error for a better spec cleanup (#21826)
Rescuing them still makes timing-out tests fail but doesn't break `after` spec cleanup (which could trigger more errors) Using custom error class to avoid any other possible timeout-catching code.

Also:
* remove an unnecessary `.select { |x| x.size > 0 }`
* fix a typo in a test title
2023-05-30 19:14:54 +02:00
Keegan George 093552bc84
DEV: Remove setting explicit `id` on Fabricated property (#21831) 2023-05-30 09:34:01 -07:00
Alan Guo Xiang Tan deda61b3a4
DEV: Temporarily skip system test that fails with animations disabled (#21824) 2023-05-30 16:33:06 +08:00
Alan Guo Xiang Tan b00edf3ea0 DEV: Add `--profile=[COUNT]` option for `turbo_rspec`
Why is this change required?

By default, `RSpec` comes with a `--profile=[COUNT]` option as well but
enabling that option means that the entire test suite needs to be
executed. This does not work so well for `turbo_rspec` which splits our
test files into various "buckets" for the tests to be executed in
multiple processes. Therefore, this commit adds a similar
`--profile=[COUNT]` option to `turbo_rspec` but will only profile the
tests being executed. Examples:

`LOAD_PLUGINS=1 bin/turbo_rspec --profile plugins/*/spec/system`

or

`LOAD_PLUGINS=1 bin/turbo_rspec --profile=20 plugins/*/spec/system`
2023-05-30 13:46:14 +09:00
Alan Guo Xiang Tan b580f04d34
DEV: Disable animation in system tests (#21821)
What is this change?

This change is an attempt to avoid flakiness in our tests due to
animations being enabled in our tests. An example of flakiness caused by
animations is when the `find(selector).click` pattern is used. When
`find(selector)` returns the node, its position may have changed if the
element is still moving. However, the `click` method will end up
clicking on the old position.

Either way, there is no need for us to make system tests even more
complicated by enabling animations.
2023-05-30 12:45:24 +08:00
Keegan George c74c90bae5
DEV: Show form templates in the composer (#21190) 2023-05-29 14:47:18 -07:00
Joffrey JAFFEUX 9321299caa
DEV: uses select-kit component for interface spec (#21790) 2023-05-29 10:48:59 +02:00
Alan Guo Xiang Tan 8a9d3b3eed
DEV: Skip flaky system tests on CI (#undefined) 2023-05-29 15:03:49 +08:00
Alan Guo Xiang Tan 7fdede9f0f
DEV: Speed up slow system tests (#21803)
What is the problem?

Prior to this change, we had a `has_css?(context + ":not(.is-expanded)"`
check when using the select-kit component page object. The problem here
is that this check will end up waiting the full capybara default wait
time if the select-kit has already been expanded. It turns out that we
were calling this check alot of times when the select-kit has already
been expanded resulting in many tests waiting the full default wait
time.

What is the fix?

The fix here is to specify the `wait: 0` option such that we do not wait
and fundamentally, there is no need for us to wait at all here.
2023-05-29 13:31:02 +08:00
Krzysztof Kotlarek 9f78ff5572
FEATURE: modal for admins to edit Community section (#21668)
Allow admins to edit Community section. This includes drag and drop reorder, change names, delete and reset to default.

Visual improvements introduced in edit community section modal are available in edit custom section form as well. For example:
- drag and drop links to change their position;
- smaller icon picker.
2023-05-29 15:20:23 +10:00
Alan Guo Xiang Tan 7d9a823a55
DEV: Fix flaky user preferences interface system test (#21800)
Why is this change required?

The flaky system test was due to the fact that we had to poll for the
user preferences interface page to reload after saving. However, this
turns out to be a bug on the user perferences interface page because the
page should only reload if the user has selected a new theme that is
different from the site's default but we were reloading the page for
users that did not have any user theme selected. Therefore there was an
unnecessary reload happening when saving other fields on the user
preferences interface page.
2023-05-29 11:56:21 +08:00
Joffrey JAFFEUX 9392bd0f79
DEV: fix tag synonyms flakey specs (#21787)
The fix use the SelectKit component in the spec and improves reliability of SelectKit component to ensure expanded/collapsed state effectively set/present.

Multiple lines have also been removed as they are not necessary, eg: 

- check button is present
- click button

The check is un-necesssary as we won't find the button on click if not present. This kind of checks are only necessary when another element has to be present before the button is show, eg:

- check modal is displayed
- click button

FInally this commit changes the way the SelectKit component initializes component and now uses a css selector instead of a finder, it ensures we are always getting fresh object and allows to build complete selectors: ".context[data-id=1].foo:enabled"
2023-05-28 15:35:55 +02:00
Joffrey JAFFEUX 4303d4711f
DEV: prevents flakey in autocomplete hashtag (#21786)
Watching screenshots of failures it appears that sometimes the reply was stuck at: `this is a #` due to the autocomplete showing, given we only need to send a reply here? I think fill_in + click send should be more reliable here.

Note I also tweaked `send_reply` to accept a content param and use it to fill composer when given.
2023-05-28 14:17:39 +02:00
Joffrey JAFFEUX 885ab7c7bb
DEV: allows to open chrome tools by default (#21778)
Usage:

```
CHROME_DEV_TOOLS=bottom  bundle exec rspec /path/to/system/spec
```

This commit also regroups common chrome options under `apply_base_chrome_options`, and removes the size of the mobile window which was incorrect. browser_log param is also passed to mobile chrome options.
2023-05-28 14:16:38 +02:00
Joffrey JAFFEUX 71330961dc
DEV: more reliable toggle_setting spec helper (#21779)
Page settings can be very long and the setting can be way out of viewport. This should ensure the setting can be found and clicked.

This was for example causing this flakey in discourse-topic-voting:

```
Failures:

  1) Voting enables voting in category topics and votes
     Failure/Error: find(".edit-category-tab .#{setting} label.checkbox-label", text: text).click

     Capybara::ElementNotFound:
       Unable to find css ".edit-category-tab .enable-topic-voting label.checkbox-label"

     [Screenshot Image]: /__w/discourse/discourse/tmp/capybara/failures_r_spec_example_groups_voting_enables_voting_in_category_topics_and_votes_873.png

     ~~~~~~~ JS LOGS ~~~~~~~
     http://localhost:31341/favicon.ico - Failed to load resource: the server responded with a status of 404 (Not Found)
     ~~~~~ END JS LOGS ~~~~~

     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/node/finders.rb:312:in `block in synced_resolve'
     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/node/base.rb:84:in `synchronize'
     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/node/finders.rb:301:in `synced_resolve'
     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/node/finders.rb:60:in `find'
     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/session.rb:773:in `find'
     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/dsl.rb:52:in `call'
     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/dsl.rb:52:in `find'
     # ./spec/system/page_objects/pages/category.rb:34:in `toggle_setting'
     # ./plugins/discourse-topic-voting/spec/system/voting_spec.rb:39:in `block (2 levels) in <main>'
     # ./spec/rails_helper.rb:368:in `block (3 levels) in <top (required)>'
     # ./vendor/bundle/ruby/3.2.0/gems/timeout-0.3.2/lib/timeout.rb:189:in `block in timeout'
     # ./vendor/bundle/ruby/3.2.0/gems/timeout-0.3.2/lib/timeout.rb:36:in `block in catch'
     # ./vendor/bundle/ruby/3.2.0/gems/timeout-0.3.2/lib/timeout.rb:36:in `catch'
     # ./vendor/bundle/ruby/3.2.0/gems/timeout-0.3.2/lib/timeout.rb:36:in `catch'
     # ./vendor/bundle/ruby/3.2.0/gems/timeout-0.3.2/lib/timeout.rb:198:in `timeout'
     # ./spec/rails_helper.rb:364:in `block (2 levels) in <top (required)>'
     # ./spec/rails_helper.rb:356:in `block (2 levels) in <top (required)>'
     # ./vendor/bundle/ruby/3.2.0/gems/webmock-3.18.1/lib/webmock/rspec.rb:37:in `block (2 levels) in <top (required)>'

Finished in 7 minutes 18 seconds (files took 0 seconds to load)
445 examples, 1 failure, 17 pending, 1 error occurred outside of examples

Failed examples:

rspec ./plugins/discourse-topic-voting/spec/system/voting_spec.rb:27 # Voting enables voting in category topics and votes
```
2023-05-28 14:15:10 +02:00
Joffrey JAFFEUX 8d5e3e1cf4
DEV: ensures preview button is enabled (#21780)
In tests we could attempt to click the preview button when it was not enabled yet, causing a noop and a future failure. This fix ensures we try to find (and wait) for an enabled button.

This should help with this specific flakey:

```
Failures:

  1) Admin Customize Form Templates when visiting the page to create a new form template should render all the input field types in the preview
     Failure/Error: find(".form-template-field__#{type}").present?

     Capybara::ElementNotFound:
       Unable to find css ".form-template-field__input"

     [Screenshot Image]: /__w/discourse/discourse/tmp/capybara/failures_r_spec_example_groups_admin_customize_form_templates_when_visiting_the_page_to_create_a_new_form_template_should_render_all_the_input_field_types_in_the_preview_277.png

     ~~~~~~~ JS LOGS ~~~~~~~
     http://localhost:31339/favicon.ico - Failed to load resource: the server responded with a status of 404 (Not Found)
     ~~~~~ END JS LOGS ~~~~~

     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/node/finders.rb:312:in `block in synced_resolve'
     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/node/base.rb:84:in `synchronize'
     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/node/finders.rb:301:in `synced_resolve'
     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/node/finders.rb:60:in `find'
     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/session.rb:773:in `find'
     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/dsl.rb:52:in `call'
     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/dsl.rb:52:in `find'
     # ./spec/system/page_objects/pages/form_template.rb:55:in `has_input_field?'
     # ./spec/system/admin_customize_form_templates_spec.rb:114:in `block (3 levels) in <main>'
     # ./spec/rails_helper.rb:368:in `block (3 levels) in <top (required)>'
     # ./vendor/bundle/ruby/3.2.0/gems/timeout-0.3.2/lib/timeout.rb:189:in `block in timeout'
     # ./vendor/bundle/ruby/3.2.0/gems/timeout-0.3.2/lib/timeout.rb:36:in `block in catch'
     # ./vendor/bundle/ruby/3.2.0/gems/timeout-0.3.2/lib/timeout.rb:36:in `catch'
     # ./vendor/bundle/ruby/3.2.0/gems/timeout-0.3.2/lib/timeout.rb:36:in `catch'
     # ./vendor/bundle/ruby/3.2.0/gems/timeout-0.3.2/lib/timeout.rb:198:in `timeout'
     # ./spec/rails_helper.rb:364:in `block (2 levels) in <top (required)>'
     # ./spec/rails_helper.rb:356:in `block (2 levels) in <top (required)>'
     # ./vendor/bundle/ruby/3.2.0/gems/webmock-3.18.1/lib/webmock/rspec.rb:37:in `block (2 levels) in <top (required)>'
```
2023-05-28 14:15:02 +02:00
Joffrey JAFFEUX 5c05361587
DEV: ensures save button is visible and enabled (#21781)
In tests we could attempt to click the button before it was enabled and it could also not be visible on screen. This commits attempts to solve both problems.

It should solve this failure:

```
Failures:

  1) Admin Customize Form Templates when visiting the page to create a new form template should allow admin to create a new form template
     Failure/Error: find(".form-templates__table tbody tr td", text: name).present?

     Capybara::ElementNotFound:
       Unable to find css ".form-templates__table tbody tr td"

     [Screenshot Image]: /__w/discourse/discourse/tmp/capybara/failures_r_spec_example_groups_admin_customize_form_templates_when_visiting_the_page_to_create_a_new_form_template_should_allow_admin_to_create_a_new_form_template_911.png

     ~~~~~~~ JS LOGS ~~~~~~~
     http://localhost:31339/favicon.ico - Failed to load resource: the server responded with a status of 404 (Not Found)
     ~~~~~ END JS LOGS ~~~~~

     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/node/finders.rb:312:in `block in synced_resolve'
     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/node/base.rb:84:in `synchronize'
     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/node/finders.rb:301:in `synced_resolve'
     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/node/finders.rb:60:in `find'
     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/session.rb:773:in `find'
     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/dsl.rb:52:in `call'
     # ./vendor/bundle/ruby/3.2.0/gems/capybara-3.39.1/lib/capybara/dsl.rb:52:in `find'
     # ./spec/system/page_objects/pages/form_template.rb:21:in `has_form_template?'
     # ./spec/system/admin_customize_form_templates_spec.rb:71:in `block (3 levels) in <main>'
     # ./spec/rails_helper.rb:381:in `block (3 levels) in <top (required)>'
     # ./vendor/bundle/ruby/3.2.0/gems/timeout-0.3.2/lib/timeout.rb:189:in `block in timeout'
     # ./vendor/bundle/ruby/3.2.0/gems/timeout-0.3.2/lib/timeout.rb:36:in `block in catch'
     # ./vendor/bundle/ruby/3.2.0/gems/timeout-0.3.2/lib/timeout.rb:36:in `catch'
     # ./vendor/bundle/ruby/3.2.0/gems/timeout-0.3.2/lib/timeout.rb:36:in `catch'
     # ./vendor/bundle/ruby/3.2.0/gems/timeout-0.3.2/lib/timeout.rb:198:in `timeout'
     # ./spec/rails_helper.rb:377:in `block (2 levels) in <top (required)>'
     # ./spec/rails_helper.rb:369:in `block (2 levels) in <top (required)>'
     # ./vendor/bundle/ruby/3.2.0/gems/webmock-3.18.1/lib/webmock/rspec.rb:37:in `block (2 levels) in <top (required)>'
```
2023-05-28 14:14:25 +02:00
Alan Guo Xiang Tan dab37c1a5a
DEV: Run tests with new chrome headless (#21684)
New headless shares the same implementation as the chrome browser
instead of being a separate implementation of its own.

See https://developer.chrome.com/articles/new-headless/ for more
details

Co-authored-by: Rafael dos Santos Silva <xfalcox@gmail.com>
2023-05-26 11:02:56 +02:00
Osama Sayegh bb3c05ba0e
DEV: Allow plugins to hook into user preferences update process on the server (#21737)
This commit introduces a new `within_user_updater_transaction` event that's triggered inside the transaction that saves user updates in `UserUpdater`. Plugins can hook into the transaction using the event to include custom changes in the transaction. Callbacks for this event receive 2 arguments:

1. the user being saved
2. the changed attributes that are passed to `UserUpdater`.

There's also new modifier in this commit called `users_controller_update_user_params` to allow plugins to allowlist custom params in the `UsersController` which eventually end up getting passed as attributes to the `UserUpdater` and the new `within_user_updater_transaction` event where they can be used to perform additional updates using the custom params.

-----

New API is used in https://github.com/discourse/discourse-mailinglist-integration/pull/1.
2023-05-26 03:26:38 +03:00
Renato Atilio c539f749f1
FEATURE: support for chronologically merging posts into existing topic (#21374)
When a user chooses to move a topic/message to an existing topic/message, they can now opt to merge the posts chronologically (using a checkbox in the UI).
2023-05-25 14:38:34 -04:00
Sérgio Saquetim 6a65fa982d
FIX: Include more_topic_url in the response to /categories_and_{latest, top} (#21738)
The field more_topic_url is already included in the response preloaded in categories#index

However this field was missing if a request was subsequently made to update the page using
the end-points /categories_and_latest or /categories_and_top. This could lead the client
app to display incorrect information if it relied on this information to update the UI.
2023-05-25 15:24:48 -03:00
Jarek Radosz 036e27e69a
DEV: Move distance_of_time_in_words/time_ago_in_words (#21745)
It wasn't a patch (just two helper functions that were called directly) and no longer has much to do with "Rails 4"
2023-05-25 14:53:59 +02:00
Jarek Radosz 22a6ae7e32
DEV: Remove `renderTemplate` from the styleguide (#21660)
Adds plugin API:

```js
import fidget from "../components/styleguide/molecules/fidget";

api.addStyleguideSection({
  component: fidget,
  id: "fidget",
  category: "molecules",
  priority: 0,
});
```

Removes notes. You can always add `<p class="styleguide-note">` to section components to annotate them.
2023-05-25 11:22:36 +02:00
Alan Guo Xiang Tan e8b138e24f
DEV: Minor improvements to SidebarSectionsController spec (#21734)
1. '#reorder' specs where serializing objects when it is not needed.

2. Add tests for anon user to `#reorder` specs
2023-05-25 10:08:10 +08:00
Alan Guo Xiang Tan 5cfe323445
PERF: Strict loading for SidebarSection queries (#21717)
What is this change required?

I noticed that actions in `SidebarSectionsController` resulted in
lots of N+1 queries problem and I wanted a solution to
prevent such problems without having to write N+1 queries tests. I have
also used strict loading for `SidebarSection` queries in performance
sensitive spots.

Note that in this commit, I have also set `config.active_record.action_on_strict_loading_violation = :log`
for the production environment so that we have more visibility of
potential N+1 queries problem in the logs. In development and test
environment, we're sticking with the default of raising an error.
2023-05-25 09:10:32 +08:00
Alan Guo Xiang Tan 916495e0a1
DEV: Avoid leaking new site setting states in test environment (#21713)
What is the problem?

In the test environement, we were calling `SiteSetting.setting` directly
to introduce new site settings. However, this leads to changes in state of the SiteSettings
hash that is stored in memory as test runs. Changing or leaking states
when running tests is one of the major contributors of test flakiness.

An example of how this resulted in test flakiness is our `spec/integrity/i18n_spec.rb` spec file which
had a test case that would fail because a new "plugin_setting" site
setting was registered in another test case but the site setting did not
have translations for the site setting set.

What is the fix?

There are a couple of changes being introduced in this commit:

1. Make `SiteSetting.setting` a private method as it is not safe to be
   exposed as a public method of the `SiteSetting` class

2. Change test cases to use existing site settings in Discourse instead
   of creating custom site settings. Existing site settings are not
   removed often so we don't really need to dynamically add new site
   settings in test cases. Even if the site settings being used in test
   cases are removed, updating the test cases to rely on other site
   settings is a very easy change.

3. Set up a plugin instance in the test environment as a "fixture"
   instead of having each test create its own plugin instance.
2023-05-25 07:53:57 +08:00
Bianca Nenciu 61a0ae3755
FEATURE: Create legal topics for set company name (#21620)
Legal topics, such as the Terms of Service and Privacy Policy topics
do not make sense if the entity creating the community is not a company.
These topics will be created and updated only when the company name is
present and deleted when it is not.
2023-05-24 23:05:36 +03:00
Joffrey JAFFEUX 38d358fb9a
FIX: flakey spec in sidebar with new font size (#21728)
This commit also includes two changes to the rails helper which make tests more consistent on different devices. With this change the failure was reproducible locally and not only on CI:

```
options.add_argument("--force-device-scale-factor=1")
```

The fix itself is quite simple and attempts to find safe click coordinates, the previous solution could fail depending on the size of the sidebar.
2023-05-24 18:59:12 +02:00
Loïc Guitaut 37b71c5903 FIX: Don’t run validations when invalidating invites
This patch is a followup of
https://github.com/discourse/discourse/pull/21504 where limits on custom
message for an invite were introduced.

This had a side effect of making some existing invites invalid and with
the current code, they can’t be invalidated anymore.

This patch takes the approach of skipping the validations when invites
are invalidated since the important thing here is to mark the invite as
invalidated regardless of its actual state in the DB. (no other
attributes are updated at the same time anyway)
2023-05-24 15:51:33 +02:00
Gerhard Schlager 4332f4b833
DEV: Fix flaky `Group` specs (#21722)
Comparing arrays without an explicit order or sort is usually a bad idea and leads to flakiness. It also replaces `#sort` calls in a couple of specs with array specific matchers like `contain_exactly` and `match_array`.

In addition to that it switches the arguments of some expectations around, because it should be `expect(actual).to eq(expected)` instead of `expect(expected).to eq(actual)`
2023-05-24 12:45:22 +02:00
Vinoth Kannan ded6ea66a5
FIX: skip iframe URLs with relative paths in pretty text sanitizer. (#21714)
This commit prevents unallowed URLs in iframe src by adding a relative path like `https://bob.com/abc/def/../ghi`. Currently, the iframe linking to the site uses the current_user, not the post's author, so users who have no access to a certain path are not able to view anything they shouldn't.
2023-05-24 16:14:18 +05:30
Sam b2e3084205
FEATURE: allow searching for oldest topics (#21715)
In some cases reverse chronological can be very important.

- Oldest post by sam
- Oldest topic by sam

Prior to these new filters we had no way of searching for them.

Now the 2 new orders `order:oldest` and `order:oldest_topic` can be used
to find oldest topics and posts

* Update spec/lib/search_spec.rb

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>

* Update spec/lib/search_spec.rb

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>

---------

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2023-05-24 18:26:36 +10:00
Loïc Guitaut 4ea396e67c DEV: Bump the limits on group request text fields
Users submitting requests to join groups were not receiving errors when
the character limit for the request was exceeded. This also affects the
UX when admin-created group request templates are inserted into the
request.

This patch bumps the limits.

- https://meta.discourse.org/t/group-membership-requests-suddenly-limited-to-274-characters/265127
- https://github.com/discourse/discourse/pull/19993
2023-05-24 09:57:46 +02:00
Alan Guo Xiang Tan 505f869b70
DEV: Update I18n to 1.13.0 (#21685) 2023-05-24 08:59:37 +08:00
Krzysztof Kotlarek 2aa5fc927e
FIX: allow published pages to be added to sidebar (#21687)
Custom sidebar sections should accept publish pages with URL `/pub/*`. Similarly to `/my/activity` links.
2023-05-24 08:59:19 +10:00
Blake Erickson b637249169
FIX: Video thumbnails can have duplicates (#21681)
* FIX: Video thumbnails can have duplicates

It's possible that a duplicate video or even a very similar video could
generate the same video thumbnail. Because video thumbnails are mapped
to their corresponding video by using the video sha1 in the thumbnail
filename we need to allow for duplicate thumbnails otherwise even when a
thumbnail has been generated for a topic it will not be mapped
correctly.

This will also allow you to re-upload a video on the same topic to
regenerate the thumbnail.

* fix typo
2023-05-23 09:00:09 -06:00
Faizaan Gagan d1334a7aaf
FIX: consider users.created_at for inactive cleanup (#21688) 2023-05-23 13:41:23 +05:30
Martin Brennan 0b3cf83e3c
FIX: Do not cook icon with hashtags (#21676)
This commit makes some fundamental changes to how hashtag cooking and
icon generation works in the new experimental hashtag autocomplete mode.
Previously we cooked the appropriate SVG icon with the cooked hashtag,
though this has proved inflexible especially for theming purposes.

Instead, we now cook a data-ID attribute with the hashtag and add a new
span as an icon placeholder. This is replaced on the client side with an
icon (or a square span in the case of categories) on the client side via
the decorateCooked API for posts and chat messages.

This client side logic uses the generated hashtag, category, and channel
CSS classes added in a previous commit.

This is missing changes to the sidebar to use the new generated CSS
classes and also colors and the split square for categories in the
hashtag autocomplete menu -- I will tackle this in a separate PR so it
is clearer.
2023-05-23 09:33:55 +02:00
Krzysztof Kotlarek 2af897df61
DEV: specs to ensure that only admin can edit Community section (#21666)
In addition, add lock that even admin can not delete Community section
2023-05-23 10:54:55 +10:00
Krzysztof Kotlarek 75417be528
DEV: edited links are set in specific order (#21665)
Update section endpoint already exists. However, it has to also respect order of links.
2023-05-23 10:00:46 +10:00
Krzysztof Kotlarek 7ead8de232
DEV: endpoint to reset community community-section (#21664)
In upcoming PRs, admins will be able to edit the Community section. We need an endpoint which allows resetting it to the default state.
2023-05-23 09:53:32 +10:00
Faizaan Gagan a58c37bdc5
FIX: allow admin to change topic notification level via API (#21581)
* FIX: allow admin to change topic notification level via API

* default to `current_user` if admin changes own level

* check param existence

* simplify condition

* remove rescue

* Update spec/requests/topics_controller_spec.rb

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>

* added specs for other cases

---------

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
2023-05-23 00:47:58 +05:30
Faizaan Gagan efdfddf7fc
FIX: consider users with trashed topics/posts for inactive cleanup (#21678)
* FIX: consider users with trashed topics/posts for inactive cleanup

* defer checking for missing associations
2023-05-23 00:26:24 +05:30
Natalie Tay 07061410d8
FIX: Anonymizing a user clears their user status too (#21673) 2023-05-22 13:18:09 +08:00
Juan David Martínez Cubillos 774313ef0f
FIX: Fix for Default to subcategory when parent category does not allow posting (#21537)
* FIX: Fix for Default to subcategory when parent category does not allow posting

* added tests for edge case scenario

* implemented correct behaviour when parent category doesn't have subcategories

* implemented new fabricator for categories and suggested changes
2023-05-19 07:37:23 -05:00
Jarek Radosz 928d608ce7
DEV: Add a per-spec timeout (#21648) 2023-05-19 12:08:48 +02:00
Régis Hanol db9d998de3
FIX: improve mailman email parsing (#21627)
https://meta.discourse.org/t/improving-mailman-email-parsing/253041

When mirroring a public mailling list which uses mailman, there were some cases where the incoming email was not associated to the proper user.

As it happens, for various (undertermined) reasons, the email from the sender is often not in the `From` header but can be in any of the following headers: `Reply-To`, `CC`, `X-Original-From`, `X-MailFrom`.

It might be in other headers as well, but those were the ones we found the most reliable.
2023-05-19 10:33:48 +02:00
Alan Guo Xiang Tan b183b997fb
UX: Add custom section button should not be shown to anon users (#21651) 2023-05-19 09:31:25 +08:00
Bianca Nenciu 5654aedd75
UX: Remove welcome topic admin tip and tweak copy (#21593)
The welcome topic user tip was for admins only, but in general, user
tips should be used for guiding new users through the features that
Discourse offers. For this reason, we decided to remove the user tip.

This commit also includes a few more copy tweaks to the welcome topic.
2023-05-18 16:38:04 +03:00
Bianca Nenciu f0ec1fad8c
FIX: Update category tag stats with new or deleted (#21531)
The old method updated only existing records, without considering that
new tags might have been created or some tags might not exist anymore.
This was usually not a problem because the stats were also updated by
other code paths.

However, the ensure consistency job should be more solid and help when
other code paths fail or after importing data.

Also, update category tag stats too should happen when updating other
category stats as well.
2023-05-18 12:46:44 +03:00
Martin Brennan 341f87efb7
FIX: Show gif upload size limit error straight away (#21633)
When uploading images via direct to S3 upload, we were
assuming that we could not pre-emptively check the file
size because the client may do preprocessing to reduce
the size, and UploadCreator could also further reduce the
size.

This, however, is not true of gifs, so we would have an
issue where you upload a gif > the max_image_size_kb
setting and had to wait until the upload completed for
this error to show.

Now, instead, when we direct upload gifs to S3, we check
the size straight away and present a file size error to
the user rather than making them wait. This will increase
meme efficiency by approximately 1000%.
2023-05-18 10:36:34 +02:00
David Battersby 1de8361d2e
FIX: Prevent Email Processor errors when mail is blank or nil (#21292)
Currently processing emails that are blank or have a nil value for the mail will cause several errors.

This update allows emails with blank body or missing sender to log the blank email error to the mail logs rather than throwing an error.
2023-05-18 10:39:37 +08:00
Keegan George 082821c754
DEV: Remove legacy user menu (#21308) 2023-05-17 09:16:42 -07:00
Joffrey JAFFEUX 60c67afba4
DEV: various improvements to devex on chat (#21612)
- Improves styleguide support
- Adds toggle color scheme to styleguide
- Adds properties mutators to styleguide
- Attempts to quit a session as soon as done with it in system specs, this should at least free resources faster
- Refactors fabricators to simplify them
- Adds more fabricators (uploads for example)
- Starts implementing components pattern in system specs
- Uses Chat::Message creator to create messages in system specs, this should help to have more real specs as the side effects should now happen
2023-05-17 17:49:52 +02:00
Ted Johansson 445196399d
FIX: Remove obsolete references to lounge category (#21607)
### What is this change?

The lounge category was replaced with the general category in https://github.com/discourse/discourse/pull/18097.

However, there are still a few references to the lounge category in code. In particular, `Category#seeded?` is erroring out in production looking for `SiteSetting.lounge_category_id`.
2023-05-17 16:34:14 +08:00
Alan Guo Xiang Tan 8d58b1c6b8
DEV: Avoid multiple fabrications in spec (#21606) 2023-05-17 14:28:31 +08:00
Alan Guo Xiang Tan 5878535606
FIX: Searching for svg sprite icons connecting to default database (#21605)
What is the problem?

In `SvgSpriteController#search` and `SvgSpriteController#icon_picker_search`, the controller actions
was using the `RailsMultisite::ConnectionManagement.with_hostname` API
but `params[:hostname]` was always `nil` because the routes does not
have a `:hostname` param component and the client does not ever pass the
`:hostname` param when making the request. When `RailsMultisite::ConnectionManagement.with_hostname` is
used with a `nil` argument, it ends up connecting to the default
multisite database. Usually this would be bad because we're allowing a
site in a multisite setup to connect to another site but thankfully no
private data is being leaked here.

What is the fix?

Since `SvgSpriteController#search` and `SvgSpriteController#icon_picker_search` are login required route,
there is no need for us to switch database connections. The fix here is
to simply remove the use of `RailsMultisite::ConnectionManagement.with_hostname`.
2023-05-17 14:25:06 +08:00
Sérgio Saquetim 21ec70b509
FIX: Miscellaneous tagging errors (#21490)
* FIX: Displaying the wrong number of minimum tags in the composer

When the minimum number of tags set for the category is larger than the minimum number of tags
set in the category tag-groups, the composer was displaying the wrong value.

This commit fixes the value displayed in the composer to show the max value between the required
for the category and the tag-groups set for the category.

This bug was reported on Meta in https://meta.discourse.org/t/tags-from-multiple-tag-groups-required-only-suggest-select-at-least-one-tag/263817

* FIX: Limiting tags in categories not working as expected

When a category was restricted to a tag group A, which was set to only allow
one tag from the group per topic, selecting a tag belonging only to A returned
other tags from A that also belonged to other group/s (if any).

Example:

Tag group A: alpha, beta, gamma, epsilon, delta
Tag group B: alpha, beta, gamma

Both tag groups set to only allow one tag from the group per topic.

If Category 1 was set to only allow tags from the tag group A, and the first tag
selected was epsilon, then, because they also belonged to tag group B, the tags
alpha, beta, and gamma were still returned as valid options when they should not be.

This commit ensures that once a tag from a tag group that restricts its tags to
one per topic is selected, no other tag from this group is returned.

This bug was reported on Meta in https://meta.discourse.org/t/limiting-tags-to-categories-not-working-as-expected/263143.

* FIX: Moving topics does not prompt to add required tag for new category

When a topic moved from a category to another, the tag requirements
of the new category were not being checked.

This allowed a topic to be created and moved to a category:

- that limited the tags to a tag group, with the topic containing tags
not allowed.
- that required N tags from a tag group, with the topic not containing
the required tags.

This bug was reported on Meta in https://meta.discourse.org/t/moving-tagged-topics-does-not-prompt-to-add-required-tag-for-new-category/264138.

* FIX: Editing topics with tag groups from parents allows incorrect tagging

When there was a combination between parent tags defined in a tag group
set to allow only one tag from the group per topic, and other tag groups
relying on this restriction to combine the children tag types with the
parent tag, editing a topic could allow the user to insert an invalid
combination of these tags.

Example:

Automakers tag group: landhover, toyota
  - group set to limit one tag from the group per topic

Toyota models group: land-cruiser, hilux, corolla

Landhover models group: evoque, defender, discovery

If a topic was initially set up with the tags toyota, land-cruiser it was
possible to edit it by removing the tag toyota and adding the tag landhover
and other landhover model tags like evoque for example.

In this case, the topic would end up with the tags toyota, land-cruiser,
landhover, evoque because Discourse will automatically insert the
missing parent tag toyota when it detects the tag land-cruiser.

This combination of tags would violate the restriction specified in
the Automakers tag group resulting in an invalid combination of tags.

This commit enforces that the "one tag from the group per topic"
restriction is verified before updating the topic tags and also
make sure the verification checks the compatibility of parent tags that
would be automatically inserted.

After the changes, the user will receive an error similar to:
The tags land-cruiser, landhover cannot be used simultaneously.
Please include only one of them.
2023-05-15 17:19:41 -03:00
Bianca Nenciu 78022e7a5f
FEATURE: Show user cards for inactive users (#21387)
It used to return 404 which made the user card render and then quickly disappear.
2023-05-15 21:45:26 +03:00
Richard 2b7c677a8c Fix tests 2023-05-15 16:45:33 +02:00
Bianca Nenciu 9a2780397f
FIX: Handle all UTF-8 characters (#21344)
Watched words were converted to regular expressions containing \W, which
handled only ASCII characters. Using [^[:word]] instead ensures that
UTF-8 characters are also handled correctly.
2023-05-15 12:45:04 +03:00
Loïc Guitaut d63ce56252 DEV: Set limit for Invite#custom_message 2023-05-15 09:55:28 +02:00
Loïc Guitaut b81c13280a DEV: Set limits for text fields on BadgeGrouping 2023-05-15 09:54:54 +02:00
Loïc Guitaut 9f283eb836
DEV: Set a limit for ApiKey#description (#21502) 2023-05-15 14:12:25 +10:00
Alan Guo Xiang Tan 366c676156
DEV: Remove flaky test from TopcisFilter (#21543)
TopicsFilter is meant to generate a query scope from a given string so
we don't really need to ensure any ordering outside of the supported
order filters.
2023-05-15 11:18:58 +08:00
Jarek Radosz eec10efc3d
DEV: Enable color CI output and tweak formatting (#21527)
* Color for turbo_rspec in CI (`progress` and `documentation` formats)
* Show "DONE" only when `documentation` formatter is used
* Fix formatting
* Collapse RSpec commands
* Add line wrapping to the `progress` formatter (to mitigate GH Actions issue)
2023-05-12 18:22:15 +02:00
Bianca Nenciu b73a9a1faa
UX: Various improvements to welcome topic CTA (#21010)
- Update welcome topic copy
- Edit the welcome topic automatically when the title or description changes
- Remove “Create your Welcome Topic” banner/CTA
- Add "edit welcome topic" user tip
2023-05-12 17:09:40 +03:00
Jarek Radosz fc17045876
DEV: Clean up workflow files (#21526) 2023-05-12 14:00:04 +02:00
Ted Johansson 07f87ff7a8
DEV: Strictly filter tag search limit parameter input (#21524)
### What is the problem?

It is possible to pass an arbitrary value to the limit parameter in `TagsController#search`, and have it flow through `DiscourseTagging.filter_allowed_tags` where it will raise an error deep in the database driver. MiniSql ensures there's no injection happening, but that ultimately results in an invalid query.

### How does this fix it?

This change checks more strictly that the parameter can be cleanly converted to an integer by replacing the loose `#to_i` conversion semantics with the stronger `Kernel#Integer` ones.

**Example:**

```ruby
"1; SELECT 1".to_i
#=> 1

Integer("1; SELECT 1")
#=> ArgumentError
```

As part of the change, I also went ahead to disallow a limit of "0", as that doesn't seem to be a useful option. Previously only negative limits were disallowed.
2023-05-12 16:49:14 +08:00
Ted Johansson 59867cc091
DEV: Gracefully handle user avatar download SSRF errors (#21523)
### Background

When SSRF detection fails, the exception bubbles all the way up, causing a log alert. This isn't actionable, and should instead be ignored. The existing `rescue` does already ignore network errors, but fails to account for SSRF exceptions coming from `FinalDestination`.

### What is this change?

This PR does two things.

---

Firstly, it introduces a common root exception class, `FinalDestination::SSRFError` for SSRF errors. This serves two functions: 1) it makes it easier to rescue both errors at once, which is generally what one wants to do and 2) prevents having to dig deep into the class hierarchy for the constant.

This change is fully backwards compatible thanks to how inheritance and exception handling works.

---

Secondly, it rescues this new exception in `UserAvatar.import_url_for_user`, which is causing sporadic errors to be logged in production. After this SSRF errors are handled the same as network errors.
2023-05-12 15:32:02 +08:00
Jarek Radosz f9db5d5ea6
DEV: Stub stderr instead of manual change (#21511)
Fixes "stack too deep" issues in CI
2023-05-11 21:18:55 +02:00
Blake Erickson bd6e487df0
FIX: Allow integer group_ids for create invite api (#21494)
This fixes a bug in the create invite API where if you passed in an
integer for the group_ids field it would fail to add the user to the
specified group.
2023-05-11 11:39:33 -06:00
Ted Johansson b837459e1d
DEV: Add both safe and unsafe Discourse.store.download methods (#21498)
* DEV: Add both safe and unsafe Discourse.store.download methods

* DEV: Update call sites that can use the safe store download method
2023-05-11 17:27:27 +08:00
Juan David Martínez Cubillos 83d2f9ef78
FEATURE: Default to subcategory when parent category does not allow posting (#21228)
added site toggle functionality through site settings

added tests to implemented feature

Introduced suggested correction

renamed find_new_topic method and deleted click_new_topic_button method
2023-05-10 12:34:39 -05:00
Bianca Nenciu d3a5a493fa
DEV: Add configurable? helper to Plugin::Instance (#21472)
This reapplies commit 3073e5cfb0, with
a fix that makes sure that plugins can be looked up both by the name
present in metadata and directory name.
2023-05-10 16:21:48 +03:00
Jan Cernik cbbaeb55b5
FIX: Don't autojoin users when they have ready-only permissions (#20213)
After this change, in order to join a chat channel, a user needs to be in a group with at least “Reply” permission for the category. If the user only has “See” permission, they are able to preview the channel, but not join it or send messages. The auto-join function also follows this new restriction.

---------

Co-authored-by: Martin Brennan <martin@discourse.org>
2023-05-10 08:45:13 -03:00
Joffrey JAFFEUX 3727c95f6f
Revert "DEV: Add configurable? helper to Plugin::Instance (#20767)" (#21469)
This reverts commit 3073e5cfb0.
2023-05-10 12:41:55 +02:00
Bianca Nenciu 3073e5cfb0
DEV: Add configurable? helper to Plugin::Instance (#20767)
This can be used to forcibly disable plugins.
2023-05-10 13:16:37 +03:00
Sam bd32912c5e
FIX: do not allow title stuffing to dominate search (#21464)
We were giving topics with repeated words extra weight in search index.
This meant that it was trivial to stuff words into title to dominate in search
given we search for exact title matches first.

The following tweak means that:

`invite invited invites`
and
`invite some stuff`

Both rank the same for title searching.

Titles are short and punchy, duplicating words should not give special
weight.

Requires a full reindex to take effect.
2023-05-10 11:47:58 +10:00
Blake Erickson 89f721cf67
FIX: Create invite api docs (#21460)
This fixes the api documentation for the create invite api endpoint so
that it uses the `group_ids` param when specifying the group instead of
the incorrect `group_id` param.
2023-05-09 13:20:46 -06:00
Martin Brennan 7a1d60c60e
FIX: Likes received count in digest email (#21458)
This commit fixes an issue where the Likes Received notification
count in the user digest email was not affected by the
since/last_seen date for the user, which meant that no matter
how long it had been since the user visited the count was
always constant.

Now instead for the Likes Received count, we only count the
unread notifications of that type since the user was last
seen.
2023-05-09 19:19:26 +02:00
Loïc Guitaut ae369b1100 FIX: Change the limit on badges description
The current limit (250 characters) is too low, as we have some
translations used for our badge descriptions that result in a
description length of 264 characters.

To be on the safe side, the limit is now set to 500 characters.
2023-05-09 11:41:40 +02:00
Alan Guo Xiang Tan 0c8d3f8542
DEV: Fix `category:` filter only supported alphabets and numbers (#21427)
A category's slug can be encoded when
`SiteSetting.slug_generation_method` has been set to "encoded". As a
result, we have to support non ASCII characters as well.
2023-05-09 08:10:08 +08:00
Alan Guo Xiang Tan 7d0ef338e4
DEV: `tag:` filter on `/filter` only supported alphabets and numbers (#21405)
A tag's name can consist of any Unicode characters as well
2023-05-09 08:02:11 +08:00
Bianca Nenciu 899eb96798
FEATURE: Enable user tips by default (#21341) 2023-05-08 20:33:08 +03:00
Alan Guo Xiang Tan 963bb3406e
DEV: Support excluding categories with the `category:` filter (#21432)
This commit adds support for excluding categories when using the
`category:` filter with the `-` prefix. For example,
`-category:category-slug` will exclude all topics that belong to the
category with slug "category-slug" and all of its sub-categories.

To only exclude a particular category and not all of its sub-categories,
the `-` prefix can be used with the `=` prefix. For example,
`-=category:category-slug` will only exclude topics that belong to the
category with slug "category-slug". Topics in the sub-categories of
"category-slug" will still be included.
2023-05-08 14:04:47 +08:00
Natalie Tay 7aa2ede17f
FIX: Update test limit for email domain (#21429) 2023-05-08 12:19:10 +08:00
Sam 83f1a13374
DEV: stop leaking data into tables during test (#21403)
This amends it so our cached counting reliant specs run in synchronize mode

When running async there are situations where data is left over in the table
after a transactional test. This means that repeat runs of the test suite
fail.
2023-05-06 07:15:33 +10:00
Alan Guo Xiang Tan fe10c61dfa
DEV: Reset capybara sessions and default driver after each test (#21402)
I don't think we're leaking state at the moment but the docs are
recommending that this two methods are called after each run.
2023-05-05 11:37:04 +08:00
Alan Guo Xiang Tan e323628d8a
DEV: Speed up core system tests (#21394)
What is the problem?

We are relying on RSpec custom matchers in system tests by defining
predicates in page objects. The problem is that this can result in a
system test unnecessarily waiting up till the full duration of
Capybara's default wait time when the RSpec custom matcher is used with
`not_to`. Considering this topic page object where we have a `has_post?`
predicate defined.

```
class Topic < PageObject
  def has_post?
    has_css?('something')
  end
end
```

The assertion `expect(Topic.new).not_to have_post` will end up waiting
the full Capybara's default wait time since the RSpec custom matcher is
calling Capybara's `has_css?` method which will wait until the selector
appear. If the selector has already disappeared by the time the
assertion is called, we end up waiting for something that will never
exists.

This commit fixes such cases by introducing new predicates that uses
the `has_no_*` versions of Capybara's node matchers.

For future reference, `to have_css` and `not_to have_css` is safe to sue
because the RSpec matcher defined by Capbyara is smart enough to call
`has_css?` or `has_no_css?` based on the expectation of the assertion.
2023-05-05 07:45:53 +08:00
Blake Erickson 9bd774bccb
SECURITY: Do not overwrite permissions on the General category (#21389)
Before this fix if you had modified the default general category
settings they would be reset back to the default after a deploy.
2023-05-04 14:30:48 -06:00
Bianca Nenciu d6534bdb11
DEV: Fix test (#21283)
Apostrophe-like characters (for example, ’ and ') are transformed to the
ASCII apostrophe (') regardless of search_ignore_accents.
2023-05-04 17:04:26 +03:00
David Taylor 05cd39d4d9
FIX: Do not log 'personal message view' when sending webhook (#21375)
Similar to the issue resolved by 3b55de90e5
2023-05-04 10:15:31 +01:00
Alan Guo Xiang Tan d4e2f764ad
DEV: Fix tags filter with more than 2 tag names in value not working (#21380)
Specifying more than two tag names when using the `tag:` filter was not
working because of a bug in the code where only the first two value in
the `tag:` filter was being selected.
2023-05-04 15:55:31 +08:00
Penar Musaraj d4a2e9a740
UX: Use fixed colors for admin stacked chart reports (#21371)
* UX: Use fixed colors for admin stacked chart reports

* Fix specs
2023-05-04 08:35:19 +02:00
Ted Johansson da6295e3d1
FIX: Allow re-flagging of ninja-edited posts (#21360)
What is the problem?

Consider the following timeline:

1. OP starts a topic.
2. Troll responds snarkily.
3. Flagger flags the post as “inappropriate”.
4. Admin agrees and hides the post.
5. Troll ninja-edits the post within the grace period, but still snarky.
6. Flagger flags the post as inappropriate again.

The current behaviour is that the flagger is met with an error saying the post has been reviewed and can't be flagged again for the same reason.

The desired behaviour is after someone has edited a post, it should be flaggable again.

Why is this happening?

This is related to the ninja-edit feature, where within a set grace period no new revision is created, but a new revision is required to flag the same post for the same reason.

So essentially there is a window between the naughty corner cooldown where a flagged post can't be edited, and the ninja-edit grace period, where an edit can be made without a new revision. Posts that are edited within this window can't be re-flagged by the same user.

|-----------------|-------------------------------|
^ Flag accepted   | ~~~~~~~~~~~~~ 🥷🏻 ~~~~~~~~~~~~ |
                  |                               ^ Editing grace period over
                  ^ Naughty corner cooldown over

How does this fix it?

We already create a new revision when ninja-editing a post with a pending flag. The issue above happens only in the case where the flag is already accepted.

This change extends the existing behaviour so that a new revision is created when ninja-editing any flagged post, regardless of the status of the flag. (Deleted flags excluded.)

This should also help with posterity, avoiding situations where a successfully flagged post looks innocuous in the history because it was ninja-edited, and vice versa.
2023-05-04 10:22:07 +08:00
Krzysztof Kotlarek 709fa24558
DEV: move sidebar community section to database (#21166)
* DEV: move sidebar community section to database

Before, community section was hard-coded. In the future, we are planning to allow admins to edit it. Therefore, it has to be moved to database to `custom_sections` table.

Few steps and simplifications has to be made:
- custom section was hidden behind `enable_custom_sidebar_sections` feature flag. It has to be deleted so all forums, see community section;
- migration to add `section_type` column to sidebar section to show it is a special type;
- migration to add `segment` column to sidebar links to determine if link should be displayed in primary section or in more section;
- simplify more section to have one level only (secondary section links are merged);
- ensure that links like `everything` are correctly tracking state;
- make user an anonymous links position consistence. For example, from now on `faq` link for user and anonymous is visible in more tab;
- delete old community-section template.
2023-05-04 12:14:09 +10:00
Alan Guo Xiang Tan afc1611be7
DEV: Disable SearchIndexer after fabrication (#21378)
SearchIndexer is only automatically disabled in `before_all` and `before` blocks which means at the start
of test runs. Enabling the SearchIndexer in one `fab!` block will affect
all other `fab!` blocks which is not ideal as we may be indexing stuff
for search when we don't need to.
2023-05-04 09:20:52 +08:00
Alan Guo Xiang Tan 9a3257cb33
DEV: Fix system test failure when ran in parallel (#21377)
What is the problem?

The system tests incorrectly assumes that the discobot user which is
seeded by a core plugin will always be present. This is not true as the
discobot user will only be seeded when the test databases are migrated
with plugins enabled. If we migrate test databases without plugins being
enabled, the core system tests should still pass.
2023-05-04 08:24:50 +08:00
Bianca Nenciu cc18a99105
FEATURE: Add new notification for admin problems (#21287)
Add new notification for admin problems to replace old PM-based flow.
2023-05-03 19:35:22 +03:00
Michael Brown 076def505e
FIX: email receiver should ignore x-auto-response-suppress
This header is used by Microsoft Exchange to indicate when certain types of
autoresponses should not be generated for an email.

It triggers our "is this mail autogenerated?" detection, but should not be used
for this purpose.
2023-05-03 12:20:00 -04:00
Loïc Guitaut 783c935dcb DEV: Set limits for text fields in reviewables 2023-05-03 09:54:54 +02:00
Alan Guo Xiang Tan b4cf990a51
DEV: Support both `tag:` as an alias for `tags:` filter for `/filter` (#21353)
We already support `category:` as an alias for `categories` so it makes
sense to support `tag:` as an alias for `tags:`.
2023-05-03 14:51:04 +08:00
Alan Guo Xiang Tan c12e7112bf
DEV: Fix `order:` filter not working on `/filter` route (#21330)
`TopicQuery#latest_results` which was being used by
`TopicQuery#list_filter` defaults to ordering by `Topic#bumped_at` in
descending order and that was taking precedent over the order scopes
being applied by `TopicsFilter`.
2023-05-03 12:40:00 +08:00
Alan Guo Xiang Tan 691b9fb919
DEV: Support comma seperated value in order filter for `/filter` route (#21318)
This allows multiple ordering to be specified by using a comma seperated string.
For example, `order:created,views` would order the topics by
`Topic#created_at` and then `Topic#views.
2023-05-03 12:39:52 +08:00
Alan Guo Xiang Tan 93f7c24240
DEV: Change `created-by` topics query filter to `created-by:@<username>` (#21317)
We want each username to be prefixed with the `@` symbol.
2023-05-03 12:39:11 +08:00
Natalie Tay ccca2dbfe0
FIX: Quoted images should be lightboxed (#21332)
An older change about optimising images caused the selector that adds lightboxing not to apply on quoted images. This fixes that. The selector is now not applicable as optimisation occurs in a separate place.

This change allows quoted images to be opened in a lightbox.
2023-05-02 17:02:19 +08:00
Gerhard Schlager 01dc461cc2
FIX: Disallow invisible Unicode characters in usernames (#21331)
The list of excluded characters is based on https://invisible-characters.com/ and the list of invisible characters used by Visual Studio Code (https://github.com/hediet/vscode-unicode-data)
2023-05-02 17:34:53 +10:00
Sam c63551d227
FEATURE: search_rank_sort_priorities modifier (#21329)
This new modifier can be used by plugins to modify search ordering.

Specifically plugins such as discourse_solved can amend search ordering
so solved topics bump to the top.

Also correct edge case where low and high sort priority categories did not
order correctly when it came to closed/archived
2023-05-02 16:36:36 +10:00
Krzysztof Kotlarek a8e28060d1
FIX: rename notify_about_flags_after to notify_about_reviewable_item_after (#21320)
Change name and description for SiteSetting to make it easier to understand.
2023-05-02 08:08:22 +10:00
Mark VanLandingham 86385bc9cf
REVERT: "FEATURE: Offline indicator controlled by message-bus connectivity (#21324)" (#21327)
This reverts commit b1da670898.
2023-05-01 15:27:02 -05:00
Mark VanLandingham b1da670898
FEATURE: Offline indicator controlled by message-bus connectivity (#21324) 2023-05-01 12:41:30 -05:00
Blake Erickson e2fbf4865a
DEV: Check if video thumbnails site setting is enabled (#21306) 2023-04-28 14:08:20 -06:00
Mark VanLandingham 36d388b57f
Revert "FEATURE: Reimplement offline indicator (#21285)" (#21296)
This reverts commit de1066abcd.
2023-04-28 06:59:10 -05:00
Mark VanLandingham de1066abcd
FEATURE: Reimplement offline indicator (#21285) 2023-04-28 06:32:35 -05:00
Mark VanLandingham 3527fbcd8e
Revert "FEATURE: Service to track message bus connectivity + offline indicator(#21259)" (#21282)
This reverts commit 6bba514b64.
2023-04-27 12:55:41 -05:00
Mark VanLandingham 6bba514b64
FEATURE: Service to track message bus connectivity + offline indicator(#21259) 2023-04-27 11:04:56 -05:00
Loïc Guitaut c4c2da83b4 DEV: Set limits for text fields in badges 2023-04-27 17:22:32 +02:00
Loïc Guitaut a89b3c27aa DEV: set limits for text fields on groups 2023-04-27 13:58:46 +02:00
Sam 2ccc5fc66e
FEATURE: add support for figure and figcaption tags in embeddings (#21276)
Many blog posts use these to illustrate and images were previously omitted

Additionally strip superfluous HTML and BODY tags from embed HTML.

This was incorrectly returned from server.
2023-04-27 19:57:06 +10:00
Alan Guo Xiang Tan 6e5e607072
DEV: Support ordering filters on `/filter` route (#21275)
This commit adds support for the following ordering filters:

1. `order:activity` which orders the topics by `Topic#bumped_at` in descending order
2. `order:activity-asc` which orders the topics by `Topic#bumped_at` in ascending order
3. `order:latest-post` which orders the topics by `Topic#last_posted_at` in descending order
4. `order:latest-post-asc` which orders the topics by `Topic#last_posted_at` in ascending order
5. `order:created` which orders the topics by `Topic#created_at` in descending order
6. `order:created-asc` which orders the topics by `Topic#created_at` in ascending order
7. `order:views` which orders the topics by `Topic#views` in descending order
8. `order:views-asc` which orders the topics by `Topic#views` in ascending order
9. `order:likes` which orders the topics by `Topic#likes` in descending order
10. `order:likes-asc` which orders the topics by `Topic#likes` in ascending order
11. `order:likes-op` which orders the topics by `Post#like_count` of the first post in the topic in descending order
12. `order:likes-op-asc` which orders the topics by `Post#like_count` of the first post in the topic in ascending order
13. `order:posters` which orders the topics by `Topic#participant_count` in descending order
14. `order:posters-asc` which orders the topics by `Topic#participant_count` in ascending order
15. `order:category` which orders the topics by `Category#name` of the topic's category in descending order
16. `order:category-asc` which orders the topics by `Category#name` of the topic's category in ascending order

Multiple order filters can be composed together and the order of ordering is applied based on the position of the filter
in the query string. For example, `order:views order:created` will order the topics by `Topic#views` in descending order
and then order the topics by `Topics#created_at` in descending order.
2023-04-27 15:44:58 +08:00
Alan Guo Xiang Tan 141555136a
DEV: Support filtering by date columns on /filter route (#21233)
This commit adds support for the following date filters:

1. `activity-before:<YYYY-MM-DD>` which filters for topics that have been bumped at or before given date
2. `activity-after:<YYYY-MM-DD>` which filters for topics that have been bumped at or after given date
3. `created-before:<YYYY-MM-DD>` which filters for topics that have been created at or before given date
4. `created-after:<YYYY-MM-DD>` which filters for topics that have been created at or after given date
5. `latest-post-before:<YYYY-MM-DD>` which filters for topics with the
latest post posted at or before given date
6. `latest-post-after:<YYYY-MM-DD>` which filters for topics with the
latest post posted at or after given date

If the filter has an invalid value, i.e string that cannot be converted
into a proper date in the `YYYY-MM-DD` format, the filter will be ignored.

If either of each filter is specify multiple times, only the last
occurrence of each filter will be taken into consideration.
2023-04-27 15:43:47 +08:00
Penar Musaraj 3abc542e63
FIX: Include group flair in homepage category topic lists (#21268)
Followup to c03f83bbea.

The `flair_group_id` parameter is now required to show the flair, and this serializer was missing that detail. 

This also fixes a typo in the `include_flair_group_name?` method.
2023-04-27 10:18:16 +08:00
Selase Krakani 37cc056c1b
FIX: Ensure group-filtered group user event webhooks fire (#21254)
Group user event webhooks filtered by group fail silently
because the `group_ids` job arg wasn't being passed into the job.

This change add's `group_ids` to the `EmitWebHookEvent` jobs queued for
`user_added_to_group` and `user_removed_from_group` events.
2023-04-26 22:38:28 +00:00
Joffrey JAFFEUX fcbb753378
DEV: skips flakey spec (#21262) 2023-04-26 19:41:34 +02:00
Bianca Nenciu 024b8b2640
FIX: Show large image placeholder for image onebox (#21237)
Large or broken images are removed from oneboxes, but sometimes images
were removed when they were oneboxed too. The reason is that images can
be oneboxed by the AllowlistedGenericOnebox or ImageOnebox and only
AllowlistedGenericOnebox was handled correctly.
2023-04-26 20:05:22 +03:00
Joffrey JAFFEUX e495a2fc3f
DEV: Enable parallel system specs in GitHub actions CI (#21251)
Also skips/improves few flakey specs
2023-04-26 13:02:19 +02:00
Isaac Janzen 96700d55a4
FIX: Safely return from missing post on `check_dont_feed_the_trolls` (#21238) 2023-04-25 10:08:00 -05:00
Andrei Prigorshnev 0ea5ae86ff
DEV: return user IDs on the user search route (#21206)
We call the `/u/search/users` URL when autocompleting users. It returns 
user's name, username and avatar template, but not user ID.

We need it to return user IDs in order to display user status in certain situations. 
I could add ID to FoundUserWithStatusSerializer, so it will be added only if 
user status is enabled in site settings. But I feel that it's good to always return it, 
it's not a lot of data comparing to what we already return, and it should be useful 
in other scenarios.
2023-04-25 18:25:57 +04:00
Joffrey JAFFEUX bf886662df
UX: improves composer and thread panel (#21210)
This pull request is a full overhaul of the chat-composer and contains various improvements to the thread panel. They have been grouped in the same PR as lots of improvements/fixes to the thread panel needed an improved composer. This is meant as a first step.

### New features included in this PR

- A resizable side panel
- A clear dropzone area for uploads
- A simplified design for image uploads, this is only a first step towards more redesign of this area in the future

### Notable fixes in this PR

- Correct placeholder in thread panel
- Allows to edit the last message of a thread with arrow up
- Correctly focus composer when replying to a message
- The reply indicator is added instantly in the channel when starting a thread
- Prevents a large variety of bug where the composer could bug and prevent sending message or would clear your input while it has content

### Technical notes

To achieve this PR, three important changes have been made:

- `<ChatComposer>` has been fully rewritten and is now a glimmer component
- The chat composer now takes a `ChatMessage` as input which can directly be used in other operations, it simplifies a lot of logic as we are always working a with a `ChatMessage`
- `TextareaInteractor` has been created to wrap the existing `TextareaTextManipulation` mixin, it will make future migrations easier and allow us to have a less polluted `<ChatComposer>`

Note ".chat-live-pane" has been renamed ".chat-channel"

Design for upload dropzone is from @chapoi
2023-04-25 10:23:03 +02:00
Ted Johansson 02625d1edd
DEV: Only allow expanding hidden posts for author and staff (#21052) 2023-04-25 13:37:29 +08:00
Isaac Janzen 366ff0e76b
FIX: Don't display destroy reviewable button on client (#21226)
# Context

https://meta.discourse.org/t/missing-translate-in-review-page/262604

![image](https://user-images.githubusercontent.com/50783505/234089049-72332040-e7d5-4081-824a-b0b36e37187a.png)

An additional button was added as a result of dd495a0e19 which was intended to grant access to deleting reviewable from the API. 

We were being too flexible by only checking if the user was an admin

012aaf0ba3/lib/guardian.rb (L237)

where it should instead by scoped to check if the request was an API call.

# Fix

https://github.com/discourse/discourse/pull/21226/files#diff-0a2548be4b18bd4ef2dffb3ef8e44984d2fef7f037b53e98f67abea52ef75aa2R237

# Additions

Added a new guard of `is_api?`

https://github.com/discourse/discourse/pull/21226/files#diff-0a2548be4b18bd4ef2dffb3ef8e44984d2fef7f037b53e98f67abea52ef75aa2R657-R660

In `app/models/reviewable.rb` we check if the user has the permissions to the destroy action via the `Guardian`. To do this we were instantiating a new `Guardian` class which then caused us to lose the context of the request. The request is a necessary component in the guard of `is_api?` so we needed to pass the already defined Guardian from the `app/controllers/reviewables_controller.rb` to the `#perform` method to ensure the request is present.
2023-04-24 20:22:37 -05:00
Selase Krakani cdf1589a85
FEATURE: Add support for user badge revocation webhook events (#21204)
Currently, only user badge grants emit webhook events. This change
extends the `user_badge` webhook to emit user badge revocation events.

A new `user_badge_revoked` event has been introduced instead of relying
on the existing `user_badge_removed` event. `user_badge_removed` emitted
just the `badge_id` and `user_id` which aren't helpful for generating a
meaningful webhook payload for revoked(deleted) user badges.

The new event emits  the user badge object.
2023-04-24 20:36:40 +00:00
Jan Cernik c03f83bbea
FIX: Show auto-group flair according to user preferences (#21221) 2023-04-24 16:04:26 -03:00
David Taylor 6cb733d6c7
FIX: Ensure skip-module JS is transpiled correctly (#21224)
This regressed in 7e74dd0afe, and was causing issues with 2fa security keys on the email verification route
2023-04-24 17:39:02 +01:00
David Taylor cd88af8876
FIX: Ensure reviewable counts are updated correctly for new user menu (#21222)
On the client-side, message-bus subscriptions and reviewable count UI is based on the 'redesigned_user_menu_enabled' boolean. We need to use the same logic on the server-side to ensure things work correctly when legacy navigation is used alongside the new user menu.
2023-04-24 16:59:32 +01:00
Mark VanLandingham 012aaf0ba3
PERF: Don't serialize value for theme_fields unnecessarily (#21201)
The value field of ThemeField is only used when viewing a diff in the staff action logs and local theme editing. value is being serialized into the theme index as well, which is not used. It's a huge amount of JSON that we can cut by removing it.

This also breaks up the various theme serializers into separate classes so they autoload properly (or at least restart the server on edit)
2023-04-24 09:30:51 -05:00
Isaac Janzen 599979902e
FIX: Error when trying to bump a topic with no category (#21207)
When revising a post, if the topic that post belonged to did not have a category attached it would error with 

> NoMethodError (undefined method `read_restricted' for nil:NilClass)
2023-04-24 09:28:10 -05:00
David Taylor 26b7f8a63b
DEV: Improve add_to_serializer include_* options (#21220)
- Move the old '`define_include_method`' arg to a `respect_plugin_enabled` kwarg

- Introduce an `include_condition` kwarg which can be passed a lambda with inclusion logic. Lambda will be run via `instance_exec` in the context of the serializer instance

This is backwards compatible - old-style invocations will trigger a deprecation message
2023-04-24 12:17:51 +01:00
Natalie Tay e1bc43aa31
Revert "DEV: Improve `add_to_serializer` `include_*` options (#21073)" (#21219)
This reverts commit 4895e76ef7.
2023-04-24 16:14:52 +08:00
David Taylor 4895e76ef7
DEV: Improve `add_to_serializer` `include_*` options (#21073)
- Move the old '`define_include_method`' arg to a `respect_plugin_enabled` kwarg
- Introduce an `include_condition` kwarg which can be passed a lambda with inclusion logic. Lambda will be run via `instance_exec` in the context of the serializer instance

This is backwards compatible - old-style invocations will trigger a deprecation message

Update chat and poll plugins to new pattern
2023-04-24 15:47:28 +10:00
Canapin f7bc30a37d
DEV: Added a missing parameter to Discourse API Docs (#21085)
---------

Co-authored-by: Sam Saffron <sam.saffron@gmail.com>
2023-04-24 15:44:09 +10:00
Blake Erickson 6ae0c42c01
FIX: Do not overwrite existing thumbnails (#21199)
* FIX: Do not overwrite existing thumbnails

When auto generating video thumbnails they should not overwrite any
existing topic thumbnails.

This also addresses an issue with capitalized file extensions like .MOV
that were being excluded.

* Update app/models/post.rb

Remove comment

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>

---------

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
2023-04-21 13:33:33 -06:00
Martin Brennan 30f0afe873
DEV: Fix flaky emoji deny list system spec (#21180)
This was failing quite often with the following error:

```
 1) Emoji deny list when using composer should remove denied emojis from emoji picker
     Failure/Error: find("#{COMPOSER_ID} .emoji-picker")

     Capybara::ElementNotFound:
       Unable to find css "#reply-control .emoji-picker"
```

This was because our `click_toolbar_button` call on the Composer
page object used a number for the position of the toolbar button,
which can be flaky since there are things that hide/show toolbar
buttons or change their position.

Each toolbar button in the composer has a CSS class, so it is
more reliable to use that instead. Also fixed an instance of
calling `has_X?` method directly instead of using the
`have_x` rspec matcher.
2023-04-21 10:55:05 +10:00
Isaac Janzen ce9cccb2fc
FIX: Don't render error for bad-sequence (#21187)
We are seeing issues with the composer not being able to close due to the addition of a error message when rescuing from `Draft::OutOfSequence`. This PR will revert to the original solution implemented prior to https://github.com/discourse/discourse/pull/21148 that just silently rescues from `Draft::OutOfSequence`
2023-04-20 10:26:11 -05:00
Isaac Janzen dd495a0e19
FEATURE: Allow admins to delete reviewables via API (#21174)
This PR adds the ability to destroy reviewables for a passed user via the API. This was not possible before as this action was reserved for reviewables for you created only.

If a user is an admin and calls the `#destroy` action from the API they are able to destroy a reviewable for a passed user. A user can be targeted by passed either their:
- username
- external_id (for SSO) 

to the request.

In the case you attempt to destroy a non-personal reviewable and
- You are not an admin
- You do not access the `#destroy` action via the API

you will raise a `Discourse::InvalidAccess` (403) and will not succeed in destroying the reviewable.
2023-04-20 09:38:41 -05:00
Jarek Radosz 43e0025141
Revert "DEV: Merge package.json files (#21172)" (#21182)
This reverts commit 49a1e1cd0e.

Is causing issues in prod-adjacent environments (Jenkins)
2023-04-20 14:57:40 +02:00
Jarek Radosz 49a1e1cd0e
DEV: Merge package.json files (#21172)
This means: a single yarn.lock and removing one of the package.json files
2023-04-20 12:46:12 +02:00
Ted Johansson e002a24eca
FEATURE: Add new don't feed the trolls feature (#21001)
Responding to negative behaviour tends to solicit more of the same. Common wisdom states: "don't feed the trolls".

This change codifies that advice by introducing a new nudge when hitting the reply button on a flagged post. It will be shown if either the current user, or two other users (configurable via a site setting) have flagged the post.
2023-04-20 15:49:35 +08:00
Martin Brennan 86204fa4f0
FIX: Hashtag subcategory ref incorrect when not highest-ranked type (#21163)
This commit fixes the following scenario:

1. The user is searching for hashtags in chat, where the subcategory
   type is not highest-ranked in priority order.
2. There can, but doesn't have to be, a higher-ranked matching chat
   channel that has the same slug as the subcategory.
3. Since it is not the highest-ranked type, the subcategory, which
   normally has a ref of parent:child, has its ref changed to
   child::category, which does not work

This was happening because whenever a hashtag type was not highest
ranked, if _any_ other hashtag results conflicted slugs, we would
append the ::type suffix. Now, we only append this suffix if a
higher-ranked type conflicts with the hashtag, and we use the current ref
to build the new typed ref to preserve this parent:child format as well,
it's more accurate.
2023-04-20 09:03:55 +10:00
Isaac Janzen a3693fec58
FEATURE: Allow drafts to be deleted via the API (#21148)
This PR adds the ability to destroy drafts for a passed user via the API. This was not possible before as this action was reserved for only your personal drafts.

If a user is an admin and calls the `#destroy` action from the API they are able to destroy a draft for a passed user. A user can be targeted by passed either their:
- username
- external_id (for SSO) 

to the request.

In the case you attempt to destroy a non-personal draft and
- You are not an admin
- You do not access the `#destroy` action via the API

you will raise a `Discourse::InvalidAccess` (403) and will not succeed in destroying the draft.
2023-04-19 14:41:45 -05:00
Blake Erickson 76874b7098
FIX: 500 error when adding restricted category tags (#21147)
This fixes a 500 error that occurs when adding a tag to a category's
restricted tag list if the category's restricted tags already included a
synonym tag.
2023-04-18 11:01:11 -06:00
Ted Johansson f3f30d6865
SECURITY: Encode embed url (#21133)
The embed_url in "This is a companion discussion..." could be used for
XSS.

Co-authored-by: Blake Erickson <o.blakeerickson@gmail.com>
2023-04-18 15:05:29 +08:00
Ted Johansson 437b73e322
SECURITY: Ensure site setting being updated is a configurable site setting (#21131) 2023-04-18 14:32:18 +08:00
Arpit Jalan 8405ae7733
FEATURE: add a setting to allowlist DiscourseConnect return path domains (#21110)
* FEATURE: add a setting to allowlist DiscourseConnect return path domains

This commit adds a site setting to allowlist DiscourseConnect return
path domains. The setting needs supports exact domain or wildcard
character (*) to allow for any domain as return path.

* Add more specs to clarify what is allowed in site setting

* Update setting description to explain what is allowed
2023-04-17 22:53:50 +05:30
Loïc Guitaut 430d6308a8 FIX: Render links with subfolders properly in Discobot
Currently, some links aren’t properly built in Discobot when Discourse
is hosted in a subfolder. This is because we’re providing
`Discourse.base_url` to the Rails helpers which contains the base URL
*with* the prefix. But Rails helpers already handle this prefix so the
resulting link gets the prefix twice.

The fix is quite simple: use `Discourse.base_url_no_prefix` instead of
`Discourse.base_url`.
2023-04-17 16:53:00 +02:00
Joffrey JAFFEUX 2535381f44
FIX: ensures tag notification level is changed (#21106)
Following a change in e9f7262813 which prevents the notification level to be returned from the update endpoint, the model couldn't update itself. This commit makes the update manually and adds a test to prevent future regressions.

Note we could also change the backend endpoint, but this should work correctly with minimum risk.
2023-04-17 10:48:41 +02:00