Commit Graph

30025 Commits

Author SHA1 Message Date
Selase Krakani 81cf481b16
FIX: Missing pending queued posts from topic view (#22838)
A previous change updated `ReviewableQueuedPost`'s `created_by`
to be consistent with other reviewable types. It assigns
the the creator of the post being queued to `target_created_by` and sets
the `created_by` to the creator of the reviewable itself.

This fix updates some of the `created_by` references missed during the
intial fix.
2023-07-28 16:16:23 +00:00
Penar Musaraj 3bee2a41f4
UX: More tweaks to compact tag picker (#22859)
Input font size was too small.
2023-07-28 12:11:24 -04:00
Selase Krakani 4471eabd49
FIX: Hydration of embedded records (#22809)
The store expects values for property names ending with `_id` to be a resource id
and `_ids` to be an array of resource ids.

This change ensures the store gracefully handles situations where an
embedded field with incompliant data structure sneaks its way to production.
2023-07-28 15:58:55 +00:00
Ella E 9e4c747657
FIX: Tweak right arrow position; set other arrow placements to default (#22848) 2023-07-28 08:58:34 -06:00
Selase Krakani e67fe1d07c
FIX: Member Highlights on Group Cards (#22828)
By default, only 10 members are highlighted on group cards. However,
joining/leaving a big group via the buttons on the group card results in
up to 50 members being highlighted. For large groups, this causes the card
to move off-screen.

This happens because, while the initial render explicitly fetches only 10
members, we don't seem to apply the same limit as part of the member
reload performed when a user leaves/joins via the buttons on the card.

This PR fixes that by only making the first 10 users available for
highlight regardless of the number of members loaded in the store.
2023-07-28 14:33:42 +00:00
Bianca Nenciu 0736611423
SECURITY: Hide restricted tags in noscript view
The hidden tags are usually filtered out by the serializer, but the
noscript view uses the topic objects instead of the serialized objects.
2023-07-28 12:53:50 +01:00
Penar Musaraj dcc825bda5
SECURITY: Limit length of edit reason column 2023-07-28 12:53:49 +01:00
Blake Erickson 62a609ea2d
SECURITY: Handle concurrent invite accepts
Raise an error on concurrent invite accept attempts.
2023-07-28 12:53:48 +01:00
Alan Guo Xiang Tan bfc3132bb2
SECURITY: Impose a upper bound on limit params in various controllers
What is the problem here?

In multiple controllers, we are accepting a `limit` params but do not
impose any upper bound on the values being accepted. Without an upper
bound, we may be allowing arbituary users from generating DB queries
which may end up exhausing the resources on the server.

What is the fix here?

A new `fetch_limit_from_params` helper method is introduced in
`ApplicationController` that can be used by controller actions to safely
get the limit from the params as a default limit and maximum limit has
to be set. When an invalid limit params is encountered, the server will
respond with the 400 response code.
2023-07-28 12:53:46 +01:00
OsamaSayegh 0976c8fad6
SECURITY: Don't reuse CSP nonce between anonymous requests 2023-07-28 12:53:44 +01:00
Alan Guo Xiang Tan 672f3e7e41
Revert "DEV: Skip flaky QUnit tests (#22847)" (#22850)
This reverts commit 26fc5d2d1f.

Flaky test has been fixed in e7208ab4c6
2023-07-28 17:37:31 +08:00
David Battersby 383f48c688
FIX: reset scrollbar position for mobile on lightbox images (#22822)
Using pinch-zoom on mobile devices with lightbox images can lead to scrolling of background content.

This change handles this by capturing the window.scrollY value when opening the lightbox, then when exiting we check if the scroll position has changed and reset it.
2023-07-28 15:03:04 +08:00
Alan Guo Xiang Tan 32d4810e2b
FIX: Can't dismiss new topics that belong to a sub-sub category (#22849)
What is the context for this change?

Prior to this change, there is a bug in `TopicsController#reset_new`
where it does not dismiss new topics in sub-subcategories when the
`category_id` and `include_subcategories=true` params are present. This
is because the controller did not account for sub-subcategories when
fetching the category ids of the new topics that should be dismissed.

This commit fixes the problem by relying on the `Category.subcategory_ids` class
method which accounts for sub-subcategories.
2023-07-28 12:06:42 +08:00
Alan Guo Xiang Tan 26fc5d2d1f
DEV: Skip flaky QUnit tests (#22847)
See
https://github.com/discourse/discourse/actions/runs/5683868303/job/15405355263
and https://github.com/discourse/discourse/actions/runs/5684998320/job/15408941916
2023-07-28 11:05:15 +08:00
dependabot[bot] 3c236fb44d
Build(deps-dev): Bump patch-package in /app/assets/javascripts (#22844)
Bumps [patch-package](https://github.com/ds300/patch-package) from 7.0.2 to 8.0.0.
- [Release notes](https://github.com/ds300/patch-package/releases)
- [Changelog](https://github.com/ds300/patch-package/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ds300/patch-package/commits)

---
updated-dependencies:
- dependency-name: patch-package
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-28 00:58:36 +02:00
marstall e7208ab4c6
FIX: fix flaky test from settings editor PR (discouse:main:80f5018) (#22834) 2023-07-27 17:46:58 -04:00
Isaac Janzen de6070fac4
DEV: Convert `delete-topic-disallowed` modal to component-based API (#22830) 2023-07-27 15:08:37 -05:00
Natalie Tay 173de8afe6
DEV: Add logging and rescue when user already exists and connecting via DiscourseConnect (#22833)
This is happening because despite the user already existing in the forum, the `SingleSignOnRecord` doesn't exist and "require_activation" is set on the provider, causing us to skip looking for the email, and resulting in us creating a new User then seeing Validation failed: Primary email has already been taken when DiscourseConnect is attempting to make a new account.
2023-07-28 02:53:33 +08:00
marstall 80f5018924
FEATURE: JSON editor for theme settings (#21647)
provide the ability to edit theme settings in the json editor, and also copy them as a text file so they can be pasted into another instance.

Reference: /t/65023
2023-07-27 13:48:59 -04:00
Jarek Radosz a44378a1b6
FIX: Toggling overridden settings broke in #21572 (#22831) 2023-07-27 19:41:42 +02:00
Isaac Janzen 291629834d
DEV: Convert `delete-topic-confirm` modal to component-based API (#22813)
<img width="677" alt="Screenshot 2023-07-26 at 4 19 52 PM" src="https://github.com/discourse/discourse/assets/50783505/5b969d38-0283-4217-9f70-de3561f82dd5">
2023-07-27 11:52:12 -05:00
Joffrey JAFFEUX db0aef1192
DEV: removes unused group_manager model (#22827)
The associated table has been removed in 2015: 6dd4bc7d57 (diff-53b8234c51c429b92eb91d0212e15bbab16fcd5d1cbd3db64509977c9e1a060d)
2023-07-27 17:10:58 +02:00
David Taylor 507433f45c
FIX: Share topic shortcut (shift+s) (#22826)
This has been broken for a long time (since 04a63cfaaa)
2023-07-27 15:39:42 +01:00
Krzysztof Kotlarek 7fb4bd3f43
FIX: move main sidebar panel name to constant (#22819)
Small improvement of moving panel name to constant.
2023-07-27 13:17:13 +08:00
Jarek Radosz 83043bd453
DEV: Enable some of the skipped Firefox tests (#22800) 2023-07-27 10:56:50 +08:00
dependabot[bot] 0369839bd3
Build(deps-dev): Bump ember-cached-decorator-polyfill from 1.0.1 to 1.0.2 in /app/assets/javascripts (#22816)
Bumps [ember-cached-decorator-polyfill](https://github.com/ember-polyfills/ember-cached-decorator-polyfill) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/ember-polyfills/ember-cached-decorator-polyfill/releases)
- [Changelog](https://github.com/ember-polyfills/ember-cached-decorator-polyfill/blob/main/CHANGELOG.md)
- [Commits](https://github.com/ember-polyfills/ember-cached-decorator-polyfill/compare/v1.0.1...v1.0.2)

---
updated-dependencies:
- dependency-name: ember-cached-decorator-polyfill
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-27 10:56:03 +08:00
Alan Guo Xiang Tan fe5cd479eb
PERF: Add index on topic_id and created_at to posts table (#22818)
Why this change?

In `PostDestroyer#make_previous_post_the_last_one` and
`Topic.reset_highest`, we have a query that looks something like this:

```
SELECT user_id FROM posts
WHERE topic_id = :topic_id AND
      deleted_at IS NULL AND
      post_type <> 4
      #{post_type}
ORDER BY created_at desc
LIMIT 1
```

However, we currently don't have an index that caters directly to this
query. As a result, we have seen this query performing poorly on large
sites if the PG planner ends up using an index that is suboptimal for
the query.

This commit adds an index to the `posts` table on `topic_id` and then
`created_at`. For the query above, PG will be able to do a backwards
index scan efficiently.
2023-07-27 10:55:10 +08:00
Alan Guo Xiang Tan 0a56274596
FIX: Seed all categories and tags configured as defaults for nav menu (#22793)
Context of this change:

There are two site settings which an admin can configured to set the
default categories and tags that are shown for a new user. `default_navigation_menu_categories`
is used to determine the default categories while
`default_navigation_menu_tags` is used to determine the default tags.

Prior to this change when seeding the defaults, we will filter out the
categories/tags that the user do not have permission to see. However,
this means that when the user does eventually gain permission down the
line, the default categories and tags do not appear.

What does this change do?

With this commit, we have changed it such that all the categories and tags
configured in the `default_navigation_menu_categories` and
`default_navigation_menu_tags` site settings are seeded regardless of
whether the user's visibility of the categories or tags. During
serialization, we will then filter out the categories and tags which the
user does not have visibility of.
2023-07-27 10:52:33 +08:00
Penar Musaraj f3db8579d6
UX: Minor alignment fix for compact tag selector (#22810) 2023-07-26 14:13:39 -04:00
Jarek Radosz 92d2ea008e
DEV: Fix no-negated-condition linting issues (#22808) 2023-07-26 19:53:37 +02:00
Isaac Janzen f3b7351ff6
DEV: Convert `theme-upload` modal to component-based API (#22699) 2023-07-26 12:46:02 -05:00
Isaac Janzen a5b810fe18
FIX: Flashing history modal when changing versions (#22785)
## Problem
History modal is flashing when changing revision versions

## Context
This was introduced in https://github.com/discourse/discourse/pull/22666

We need to have a conditional loading spinner for the initial paint of the history modal as we don't have the revision yet loaded, so this can cause some odd rendering issues. At the same time we don't want to display the loading spinner each time we toggle between the revision versions, because the loading spinner replaces the revision body causing the modal sizes to be drastically different resulting in _jumping_ or _flashing_.

## Fix
Render the loading spinner only on the first paint of the modal.

https://github.com/discourse/discourse/assets/50783505/8d19275e-86a5-4132-8a1f-af4b4f5301a6
2023-07-26 11:08:59 -05:00
Penar Musaraj f2048eeb4c
UX: Minor change to compact tag chooser (#22796)
Followup to f5e8e73.

This switches the placeholder label to the existing string "optional
tags" and only shows it if there are no items picked.

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2023-07-26 11:43:46 -04:00
Jarek Radosz c6a23b90f6
DEV: Don't stub an imported module (#22805)
Stub a service's getter instead (embroider compat issue)
2023-07-26 13:01:29 +02:00
Jarek Radosz 1de0fa020e
DEV: Use `waitFor` instead of `waitUntil` (#22803)
Short and to the point 😉
2023-07-26 12:59:17 +02:00
Jarek Radosz d06431ba9b
DEV: Fix random typos (#22804)
A fresh batch of stashed changes :P
2023-07-26 12:45:35 +02:00
Jarek Radosz 62d3979870
DEV: Convert quote-button to a glimmer component (#22787)
Native class, glimmer, no jQ, async/await

Co-authored-by: Isaac Janzen <50783505+janzenisaac@users.noreply.github.com>
2023-07-26 11:50:55 +02:00
Krzysztof Kotlarek 6e3da7c07d
FIX: distinguish between scroll and drag for sidebar (#22794)
Change to drag move event handling. When position of mouse changed, we can assume it is not drag and drop, and we should keep default behaviour.

Otherwise, we stop propagation of the event to handle drag and drop correctly. s
2023-07-26 11:56:54 +10:00
dependabot[bot] 6a4666456e
Build(deps-dev): Bump node-fetch from 3.3.1 to 3.3.2 in /app/assets/javascripts (#22792)
Bumps [node-fetch](https://github.com/node-fetch/node-fetch) from 3.3.1 to 3.3.2.
- [Release notes](https://github.com/node-fetch/node-fetch/releases)
- [Commits](https://github.com/node-fetch/node-fetch/compare/v3.3.1...v3.3.2)

---
updated-dependencies:
- dependency-name: node-fetch
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-26 09:21:25 +08:00
Krzysztof Kotlarek 85e2f67367
FEATURE: API to set combined/separated sidebar mode. (#22753)
New API to change sidebar mode. We defined two:
Separated - only sections belonging to specific panel are displayed, and buttons to switch the panel are available as well.
Combined - all sections are displayed together and switch panel buttons are not visible.

In addition, as a part of refactoring, a new service called SidebarState was introduced.
2023-07-26 10:15:56 +10:00
Jordan Vidrine 5d1c1e5f62
prettier (#22786) 2023-07-25 16:19:07 -05:00
Isaac Janzen 0db03b684d
DEV: Convert `delete-posts-confirmation` modal to component-based API (#22700) 2023-07-25 16:11:32 -05:00
Penar Musaraj c6dca50ba4
UX: Remove ring from avatar for a new user (#22780) 2023-07-25 14:49:44 -04:00
Mark VanLandingham b91228d6c2
FIX: Looping attempt to reconnect in network connectivity service (#22783) 2023-07-25 11:57:28 -05:00
Natalie Tay 1ab1116cda
FIX: Disable the previous revision button if it is the last revision (#22784)
We introduced a tiny bug #22522.

When viewing the last revision of a post, we need to disable the  button. This fixes the issue.
2023-07-26 00:44:57 +08:00
Penar Musaraj f5e8e737ad
UX: Compact option for multi-selects (#22239)
Adds an alternative to the default multi select item, better suited for quickly adding/removing tags.
2023-07-25 11:00:02 -04:00
Penar Musaraj 4e5756e3ae
FIX: Handle empty directory columns in /u route (#22747)
The `/u` route was broken when there were no directory columns because
its order parameter relied on the first column's name. This commit adds
a `likes_received` as the default order when there are no columns, which
results in a list of users being output without any additional columns.

For this very edge case, that's better than a JS error.
2023-07-25 10:58:43 -04:00
David Taylor 42a78bb4ad
UX: Hide header in dismiss modal (#22777)
The header was accidentally introduced during the refactoring in d8a87792af
2023-07-25 13:51:38 +01:00
Jarek Radosz 49fc775fad
FIX: Fast-edit shortcuts got lost in bdd97ff (#22762) 2023-07-25 14:45:59 +02:00
David Battersby d11f02c03a
FIX: make document overflow hidden on both axis when lightbox is open (#22775)
Fixes issue with scrolling background when lightbox is opened on mobile.

Since we rely on swiping for navigating lightbox galleries on mobile, we want to disable document scrolling.
2023-07-25 15:27:32 +08:00