Commit Graph

231 Commits

Author SHA1 Message Date
Sam Saffron bd5fa1737d FIX: add_to_serializer not correctly accounting for inheritance chains
This is a very long standing bug we had, if a plugin attempted to amend a
serializer core was not "correcting" the situation for all descendant classes
this often only showed up in production cause production eager loads serializers
prior to plugins amending them.

This is a critical fix for various plugins
2019-08-27 18:21:53 +10:00
Vinoth Kannan 41f22946c3 FIX: properly load desktop and mobile only plugin css assets.
5bd6b70d98
2019-08-22 08:39:10 +05:30
Vinoth Kannan 5bd6b70d98
DEV: debundle plugin css assets and don't load if disabled (#7646) 2019-08-20 22:09:52 +05:30
Régis Hanol ae05245b00 DEV: plugin API to register User custom field types 2019-07-24 18:38:44 +02:00
Vinoth Kannan 839916aa49
DEV: Debundle plugin javascript assets and don't load if disabled (#7566)
And don't load javascript assets if plugin is disabled.

* precompile auto generated plugin js assets

* SPEC: remove spec test functions

* remove plugin js from test_helper

Co-Authored-By: Régis Hanol <regis@hanol.fr>

* DEV: using equality is slightly easier to read than inequality

Co-Authored-By: Régis Hanol <regis@hanol.fr>

* DEV: use `select` method instead of `find_all` for readability

Co-Authored-By: Régis Hanol <regis@hanol.fr>
2019-07-15 20:22:54 +05:30
Joffrey JAFFEUX 9ee2c121c1
FIX: ensures emoji helper is working with custom emojis (#7843) 2019-07-03 09:23:40 +02:00
Roman Rizzi c3a38d2304 DEV: Make groups/new extensible by plugins (#7642)
* Expose a new plugin outlet. Pass group model to the group-member-dropdown so it can be accessed by plugins

* Added controller tests for group custom fields. update custom fields when updating a group
2019-06-06 12:05:33 +10:00
Sam Saffron 30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Guo Xiang Tan 451f7842ff DEV: More `send` -> `public_send`. 2019-05-07 10:05:58 +08:00
Guo Xiang Tan 152238b4cf DEV: Prefer `public_send` over `send`. 2019-05-07 09:33:21 +08:00
Sam Saffron 9be70a22cd DEV: introduce new API to look up dynamic site setting
This removes all uses of both `send` and `public_send` from consumers of
SiteSetting and instead introduces a `get` helper for dynamic lookup

This leads to much cleaner and safer code long term as we are always explicit
to test that a site setting is really there before sending an arbitrary
string to the class

It also removes a couple of risky stubs from the auth provider test
2019-05-07 11:00:30 +10:00
Roman Rizzi aec457e09a
DEV: Expose a way to extend a method that returns a list 2019-04-08 14:42:36 -03:00
Robin Ward b58867b6e9 FEATURE: New 'Reviewable' model to make reviewable items generic
Includes support for flags, reviewable users and queued posts, with REST API
backwards compatibility.

Co-Authored-By: romanrizzi <romanalejandro@gmail.com>
Co-Authored-By: jjaffeux <j.jaffeux@gmail.com>
2019-03-28 12:45:10 -04:00
Penar Musaraj 9bf11a7c02
FEATURE: Add localized timezone names (#7004)
Uses github.com/discourse/moment-timezone-names-translations to translate timezone names.
Plugins can also provide their own timezone name translations.
2019-02-25 14:40:02 -05:00
Gerhard Schlager 84c56e16f9 REFACTOR: Use keyword argument for fallback_to_english flag 2019-02-19 15:28:47 +01:00
Régis Hanol 95e5f8380d FEATURE: Allow plugins to add custom emoji translations
FIX: buildTranslationTree was erroring when translations overlapped (ie. ":-)" and ":-))")
FIX: emoji translations wasn't working properly when translations overlapped
2019-01-04 15:27:46 +01:00
David Taylor 23c65feb6c DEV: Prevent deprecation warnings being incorrectly logged 2018-12-31 14:41:30 +00:00
David Taylor 4e010382cc REFACTOR: Initialize auth providers after `plugin.activate!`
Also added some helpful functionality for plugin developers:
- Raises RuntimeException if the auth provider has been registered too late
- Logs use of deprecated parameters
2018-11-30 16:58:18 +00:00
Kyle Zhao 488fba3c5f
FEATURE: allow plugins and themes to extend the default CSP (#6704)
* FEATURE: allow plugins and themes to extend the default CSP

For plugins:

```
extend_content_security_policy(
  script_src: ['https://domain.com/script.js', 'https://your-cdn.com/'],
  style_src: ['https://domain.com/style.css']
)
```

For themes and components:

```
extend_content_security_policy:
  type: list
  default: "script_src:https://domain.com/|style_src:https://domain.com"
```

* clear CSP base url before each test

we have a test that stubs `Rails.env.development?` to true

* Only allow extending directives that core includes, for now
2018-11-30 09:51:45 -05:00
Penar Musaraj 03deda2147
Upgrade to FontAwesome 5 (take two) (#6673)
* Add missing icons to set

* Revert FA5 revert

 This reverts commit 42572ff

* use new SVG syntax in locales

* Noscript page changes (remove login button, center "powered by" footer text)

* Cast wider net for SVG icons in settings

- include any _icon setting for SVG registry (offers better support for plugin settings)

- let themes store multiple pipe-delimited icons in a setting

- also replaces broken onebox image icon with SVG reference in cooked post processor

* interpolate icons in locales

* Fix composer whisper icon alignment

* Add support for stacked icons

* SECURITY: enforce hostname to match discourse hostname

This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname

* load SVG sprite with pre-initializers

* FIX: enable caching on SVG sprites

* PERF: use JSONP for SVG sprites so they are served from CDN

This avoids needing to deal with CORS for loading of the SVG

Note, added the svg- prefix to the filename so we can quickly tell in
dev tools what the file is

* Add missing SVG sprite JSONP script to CSP

* Upgrade to FA 5.5.0

* Add support for all FA4.7 icons

- adds complete frontend and backend for renamed FA4.7 icons

- improves performance of SvgSprite.bundle and SvgSprite.all_icons

* Fix group avatar flair preview

- adds an endpoint at /svg-sprites/search/:keyword

- adds frontend ajax call that pulls icon in avatar flair preview even when it is not in subset

* Remove FA 4.7 font files
2018-11-26 16:49:57 -05:00
David Taylor 052bf37578 FIX: Use `Discourse.deprecate` instead of `Rails.logger.warn`
This will significantly reduce the volume of logs when the condition is hit
2018-11-22 15:59:47 +00:00
Sam 42572ff138 Revert font awesome 5 changes
We are still pushing ahead on this 100% just need a bit longer to prepare
all plugins
2018-11-08 16:12:18 +11:00
Penar Musaraj 005e1ecb9b
FEATURE: Update Font Awesome to v5.4.1 and SVGs (#6557)
* First take on subsetting svg icons

* FontAwesome 5 svg subset WIP

* Include icons from plugins/badges into svg sprite subset

* add svg icon support to themes

* Add spec for SvgSprite

* Misc. SVG icon fixes

* Use FA5 svgs in local-dates plugin

* CSS adjustments, fix SVG icons in group flair

* Use SVG icons in poll plugin

* Add SVG icons to /wizard
2018-11-07 13:05:43 -05:00
David Taylor c6f364224e
FEATURE: Allow plugins to whitelist user custom fields for public display (#6499)
This works exactly the same as `whitelist_staff_user_custom_fields`, but is not limited to staff
2018-10-17 10:33:27 +01:00
Guo Xiang Tan 1c9b5e75e7 DEV: Support post deployment migrations for plugins. 2018-10-09 13:11:45 +08:00
David Taylor 4382fb5fac DEV: Allow plugins to whitelist specific user custom_fields for editing (#6358) 2018-09-04 20:45:36 +10:00
Robin Ward 5895507153 FEATURE: Ability for plugins to whitelist custom fields for flags
You can now call `whitelist_flag_post_custom_field` from your plugins
and those custom fields will be available on the flagged posts
area of the admin section.
2018-08-09 10:49:14 -04:00
Sam 4b000f5d12 FIX: do not use `lib` for requires
this breaks loading the app from arbitrary dirs
2018-08-07 11:04:29 +10:00
David Taylor 812add18bd REFACTOR: Serve auth provider information in the site serializer.
At the moment core providers are hard-coded in Javascript, and plugin providers get added to the JS payload at compile time. This refactor means that we only ship enabled providers to the client.
2018-08-06 09:25:48 +01:00
David Taylor 8d1acbd4c2 DEV: Include specific authenticator name in warning message 2018-07-30 11:33:48 +01:00
David Taylor 467c529920 FIX: Remove return statement from inside block 2018-07-26 15:52:39 +01:00
David Taylor 0d0d78841b
FIX: Remove `plugin.enabled?` checks at initialization time (#6166)
Checking `plugin.enabled?` while initializing plugins causes issues in two ways:
  - An application restart is required for changes to take effect. A load-balanced multi-server environment could behave very weirdly if containers restart at different times.
  - In a multisite environment, it takes the `enabled?` setting from the default site. Changes on that site affect all other sites in the cluster.

Instead, `plugin.enabled?` should be checked at runtime, in the context of a request. This commit removes `plugin.enabled?` from many `instance.rb` methods.

I have added a working `plugin.enabled?` implementation for methods that actually affect security/functionality:
  - `post_custom_fields_whitelist`
  - `whitelist_staff_user_custom_field`
  - `add_permitted_post_create_param`
2018-07-25 16:44:09 +01:00
David Taylor eda1462b3b
FEATURE: List, revoke and reconnect associated accounts. Phase 1 (#6099)
Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.
2018-07-23 16:51:57 +01:00
Robin Ward 6901e0e043 FIX: Rails.logger isn't always available when loading plugin locales 2018-06-22 10:20:20 -04:00
Joffrey JAFFEUX 24c27b5321
FEATURE: adds a add_report method accessible in plugin.rb 2018-06-19 15:00:11 +02:00
Guo Xiang Tan c6f45fcfdb Expose an API for plugins to be hidden on the admin plugin page. 2018-05-08 13:24:58 +08:00
Guo Xiang Tan 8cf0f51eb2 UX: Display site settings shortcut for `poll` and `discourse-nginx-performance-report`.
https://meta.discourse.org/t/improving-admin-plugins/84585/29?u=tgxworld
2018-05-08 10:34:32 +08:00
Robin Ward 93b40d5e59 Don't use `puts` here since it happens in tests 2018-04-30 12:26:43 -04:00
Robin Ward cfcdc4b420 Output when a locale is invalid 2018-04-20 15:29:18 -04:00
Joffrey JAFFEUX 45f657336e
FEATURE: adds support for loading existing core asset in pretty text 2018-04-10 08:37:16 +02:00
Gerhard Schlager eb52c5469e FEATURE: Allow plugins to register a new locale 2018-01-25 14:57:41 +01:00
Jeff Wong b094894c94 Feature: Add service worker registration method to plugin API 2017-11-28 14:01:41 +08:00
Robin Ward 966c7e7f07 FEATURE: Allow plugins to dynamically add seed fixture paths
This is useful if your plugin wants different seed data for different
locales for example.
2017-11-16 14:43:17 -05:00
Robin Ward 838568cbc3 Refactor flag types for more customization 2017-10-19 13:55:23 -04:00
Robin Ward 823936ca9c A plugin API to catch exceptions 2017-10-02 12:05:12 -04:00
Robin Ward 34f98f362f Add a plugin hook to specify a class on the body of the document 2017-09-28 13:17:09 -04:00
Guo Xiang Tan 77d4c4d8dc Fix all the errors to get our tests green on Rails 5.1. 2017-09-25 13:48:58 +08:00
Robin Ward e7885c20cb Add reloadable support for patching in an avatar lookup 2017-08-30 14:24:03 -04:00
Guo Xiang Tan 2157079d09 Add Plugin API to register a category custom field. 2017-08-17 15:59:57 +09:00
Régis Hanol 55f449edc5 FIX: reloading issues with classes 2017-08-16 23:00:52 +02:00
Robin Ward 5ed809a15b FIX: Reloading issues with classes 2017-08-13 13:19:50 -04:00
Régis Hanol 51ef36abb4 Add a bunch of reload-friendly class variables accessors plugin APIs 2017-08-12 04:21:02 +02:00
Régis Hanol 04460ecac5 'add_to_serializer' should define the 'include_' method by default 2017-08-09 22:22:18 +02:00
Robin Ward f11253dcb6 Allow plugin patches to reload in development mode 2017-08-09 12:30:27 -04:00
Robin Ward 43fd90b2da Remove serve_public_dir -- it's not needed 2017-07-28 13:44:38 -04:00
Robin Ward 5ae79697b8 Remove unused `register_theme` code, expose `serve_public` 2017-07-28 11:47:25 -04:00
Guo Xiang Tan 5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Sam 6a1f579c6e FIX: don't search for plugins in nested subdirectories 2017-05-16 17:28:56 -04:00
Robin Ward 1363988cd7 Support for an HTML builder that can create dynamic HTML 2017-04-17 17:32:55 -04:00
Régis Hanol 747f4812e4 fix custom emoji support when using subfolder 2017-03-24 02:09:39 +01:00
Régis Hanol 9f65658c5c register_emoji should work with subfolder installs 2017-03-24 01:08:12 +01:00
Guo Xiang Tan e7c972ac89 FIX: Don't use backticks that take in inputs. 2017-03-17 15:33:51 +08:00
Robin Ward fffa285dbf Insert middleware in production mode if enabled 2017-01-18 18:05:56 -05:00
Robin Ward adb73180f7 FEATURE: Let plugins register themes easily 2017-01-13 11:50:52 -05:00
Robin Ward b60bc47a4c Plugins can register providers for global settings 2017-01-09 17:18:58 -05:00
Guo Xiang Tan 3909f342f6 FEATURE: Allow options to be set when adding model callbacks. 2016-11-21 10:20:31 +08:00
Sam f4c754b389 FEATURE: split JavaScript application bundle, so plugins live in own file
This adds plugin.js and plugin_third_party.js files
2016-11-15 11:43:13 +11:00
Guo Xiang Tan 49c27d9a88 FEATURE: Add interface in `Plugin::Instance` to register a seedfu fixture. 2016-10-25 14:57:31 +08:00
Robin Ward af266acac1 FIX: Plugin Custom emoji weren't working correctly on the server side 2016-07-22 12:59:43 -04:00
Robin Ward c11f7bee99 FIX: Registering emoji via plugin.rb was broken 2016-07-21 14:15:51 -04:00
Robin Ward b8261a662b FIX: `siteSettings` weren't getting applied to plugin auth 2016-07-13 16:11:48 -04:00
Robin Ward b8125b3512 REFACTOR: Remove `Discourse.Ajax` 2016-07-11 12:57:05 -04:00
Robin Ward 56f07529bb REFACTOR: Migrate more legacy JS to ES6 2016-07-11 12:57:05 -04:00
Robin Ward a546395397 REFACTOR: Migrate markdown functionality in ES6 2016-07-11 12:57:05 -04:00
Neil Lalonde e5918c7d00 FEATURE: Merge tagging plugin into core 2016-04-27 11:58:53 -04:00
Robin Ward 1006b1ba94 Various Plugin Enhancements and Extension Points 2016-03-11 15:53:37 -05:00
Régis Hanol fc27b7442f FIX: it should have been an array of arrays...:fired: 2015-11-06 15:42:16 +01:00
Régis Hanol 86f76e5b4d FIX: better plugin emojis API 2015-11-06 15:02:40 +01:00
Régis Hanol 13e96ffd3b FEATURE: add support for custom emojis via plugins 2015-11-05 17:25:26 +01:00
Neil Lalonde abeac7f681 two more places: make it possible for plugins to add methods to classes that don't follow naming conventions 2015-11-04 14:53:45 -05:00
Robin Ward c4b1b848bc More extension points for login buttons, used by OAuth2 plugin 2015-09-25 11:29:40 -04:00
Neil Lalonde db1820f39c make it possible for plugins to add methods to classes that don't follow naming conventions 2015-09-14 16:10:54 -04:00
Robin Ward 42e510753d Support for Acceptance tests in plugins 2015-08-27 17:07:11 -04:00
Neil Lalonde 3faeeca5c8 FIX: plugins that use models in their initialize section might fail when bootstrapping a new database 2015-08-25 16:38:25 -04:00
Robin Ward 2b72bd3592 FIX: Missed incrementing `idx` 2015-08-21 11:39:40 -04:00
Robin Ward 37f2d8c73c Adds more helpers for plugin authors
`add_class_method` can be used to add a class method that only
executes when the plugin is enabled.

`add_model_callback` can be used to attach a callback to an
ActiveRecord model such as `before_save` that will only execute
when the plugin is enabled.
2015-08-21 11:29:45 -04:00
Robin Ward 7eb32be4de Add support for plugins to declare ES6 in the admin bundle 2015-08-17 15:03:55 -04:00
Kane York af042ffe5e FEATURE: Per-plugin settings buttons, "Enabled" column
Also, added enabled_site_setting to the Poll plugin so it shows up properly.
2015-07-02 10:59:06 -07:00
Neil Lalonde f1637fc11e FEATURE: plugins can register a custom admin quick start topic that will be seeded into new sites 2015-06-04 15:56:17 -04:00
Régis Hanol 86d7412f30 REFACTOR: rename "total_votes" poll field to the more accurate "voters"
FEATURE: automagically load plugin's migrations
2015-05-04 16:01:57 +02:00
Régis Hanol 724f4a1c55 FEATURE: automatically load plugin's rake tasks 2015-04-29 23:32:49 +02:00
Robin Ward de42c627c5 Allow plugins to specify a minimum `requires version` 2015-04-27 13:07:12 -04:00
Régis Hanol 151dea4088 FIX: editing a poll/post with a poll wasn't working properly 2015-04-26 00:12:19 +02:00
Régis Hanol 8bda53a8cd FIX: compatibility issue with akismet plugin 2015-04-23 20:02:16 +02:00
Régis Hanol a737090442 - FEATURE: revamped poll plugin
- add User.staff scope
- inject MessageBus into Ember views (so it can be used by the poll plugin)
- REFACTOR: use more accurate is_first_post? method instead of post_number == 1
- FEATURE: add support for JSON-typed custom fields
- FEATURE: allow plugins to add validation
- FEATURE: add post_custom_fields to PostSerializer
- FEATURE: allow plugins to whitelist post_custom_fields
- FIX: don't bump when post did not save successfully
- FEATURE: polls are supported in any post
- FEATURE: allow for multiple polls in the same post
- FEATURE: multiple choice polls
- FEATURE: rating polls
- FEATURE: new dialect allowing users to preview polls in the composer
2015-04-23 19:33:29 +02:00
Robin Ward 3d7b534564 FEATURE: New "Plugins" admin section with extensibility support 2015-02-06 17:33:24 -05:00
Robin Ward 25daca8f23 Helpers for plugins to support enabling/disabling 2015-02-04 16:23:56 -05:00
Robin Ward 530b20d339 Memoize readers for plugins to avoid nil checks 2015-02-04 16:23:55 -05:00
Robin Ward 4748b21c56 Allow us to extend serializers easily in a plugin 2015-01-12 10:53:08 -05:00
Robin Ward 57b89a2c7f Plugin stuff:
* Allow plugins to work with only autoloaded assets.
* Give a plugin outlet a class name based on its name if no view class
* Give the `topic-title` outlet a default class of `clear: both`
2014-12-30 16:29:28 -05:00
Régis Hanol e6e7948617 FEATURE: support for emoji sets
Added following emoji sets
  - Apple/International
  - Emoji One (default)
  - Android/Google
  - Twitter

FIX: translations from plugins weren't properly merged with default translations
FEATURE: new 'site_setting_changed' event
2014-12-11 17:08:47 +01:00
Robin Ward e76449d800 When using automatic file includes (es6, hbs) from plugins, allow the
asset pipeline to find new and deleted files with deleting the `tmp`
folder and restarting the server.
2014-12-09 15:23:14 -05:00
Robin Ward 663cd93c6d Move `register_asset` into `PluginRegistry` -- the logic works better
there.
2014-12-09 14:20:53 -05:00
Robin Ward cebb47134f Automatically include all `.hbs` files from plugins 2014-12-09 12:16:47 -05:00
Robin Ward f361adef44 Make plugin load order deterministic 2014-11-03 15:26:25 -05:00
Robin Ward d0fb8bbcfc Instead of `.js.handlebars` use `.hbs` for handlebars templates 2014-09-26 15:23:15 -04:00
Sam f1a28d62a3 FEATURE: support registration of custom html by plugins 2014-06-05 11:39:33 +10:00
Neil Lalonde 3e16ac62c3 Add register_color_scheme for plugins 2014-06-03 12:37:29 -04:00
Robin Ward 3f9c4100ef Many Plugin upgrades. 2014-06-03 10:33:47 -04:00
Vikhyat Korrapati b9e15a240f Allow registering ES6 modules from plugins. 2014-05-15 23:44:30 +05:30
Benjamin Kampmann 64918c35f5 Improved Plugins SCSS management
- Moves the import of plugins for both mobile and desktop from common after discourse loading, allowing plugins to overwrite
 - Make desktop-option behave like the mobile-option: SCSS/CSS marked with that option will only be loaded for desktop from now on and ignored in mobile
 - Add variables-keyword, allowing plugins to ship and overwrite variables before they get imported by discourse (great for theming)
2014-04-25 18:25:45 +02:00
Sam de9aa49b52 BUGFIX: default should register CSS for both mobile and desktop
If you want desktop only use :desktop option
2014-04-10 16:30:22 +10:00
Benjamin Kampmann d22df7731d Allow plugins to ship custom styles only for mobile
- adds another :mobile-flag to register_assets
- adds test for plugin registering of assets
- load plugins when on desktop and plugins_mobile when on mobile
2014-04-07 16:33:35 +02:00
Benjamin Kampmann e63b9b362e allow apps to give custom admin javascripts 2014-03-17 13:19:08 +01:00
Erik Ordway 34f9e17eac Allow plugins to specify the value used for require statements. This allows using forked gems in plugins until the original gem gets updated. 2014-02-11 15:53:54 -08:00
Shiv Kumar c281dd2c1e sub space for underscore in 'name' when registering public folder in plugin 2014-01-17 15:35:52 -08:00
Sam ce8bc3682f BUGFIX: do not install dependencies from plugin, must be explicit 2014-01-17 12:33:42 +11:00
Régis Hanol 9a3ce5f54f there is no need for that much $ 2014-01-06 14:02:42 +01:00
Régis Hanol 7fd88a52c9 FEATURE: allow plugins to overwrite handlebars templates 2013-12-31 16:43:29 +01:00
Sam 95cbcc198e FEATURE: add support for gem source in plugins 2013-12-31 09:58:58 +11:00
Sam 37267f36a6 we better rm on startup to work around jenkins messing it up, till I figure a cleaner way 2013-11-20 17:31:58 +11:00
Sam 8278fdb9dd relocate emoji plugin, stop pre-compiling assets 2013-11-20 14:38:21 +11:00
Régis Hanol fcd85b8a72 allow plugins to be symlinked 2013-10-21 19:59:28 +02:00
Sam Saffron 964809f73b if we have not automatic assets, don't try deleting them 2013-09-20 14:39:14 -07:00
Robin Ward e3a56864dd Changes to support Spoiler Alert plugin 2013-09-19 18:01:30 -07:00
Sam 6af1e12cc1 after_initialize callback for plugins 2013-09-17 10:24:15 +10:00
Sam 6d5e20fe4a plugins need paths too 2013-09-12 11:29:45 +10:00
Sam afd1a3ac7b yeah ... we should be installing the gem :) 2013-08-26 13:52:15 +10:00
Sam 818bf1355d PluginStore for plugin specific bits of storage
Amended plugin interfaces so they work with the vk sample
2013-08-26 12:59:17 +10:00
Sam 213ce33af2 Fixed all broken specs
Moved middleware config into authenticators
2013-08-26 12:59:17 +10:00
Sam 075002a6d5 refactoring the plugin interfaces to allow for better extensible 2013-08-26 12:59:17 +10:00