Commit Graph

29820 Commits

Author SHA1 Message Date
dependabot[bot] 55810a8b46
Build(deps): Bump html-entities in /app/assets/javascripts (#22098)
Bumps [html-entities](https://github.com/mdevils/html-entities) from 2.3.5 to 2.3.6.
- [Release notes](https://github.com/mdevils/html-entities/releases)
- [Changelog](https://github.com/mdevils/html-entities/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mdevils/html-entities/compare/v2.3.5...v2.3.6)

---
updated-dependencies:
- dependency-name: html-entities
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-14 02:06:28 +02:00
Sam eb603b246b
PERF: limit anonymization to 1 per cluster (#21992)
Anonymization is among the most expensive operations we can perform with
extreme potential to impact the database. To mitigate risk we only allow a
single anonymization across the entire cluster concurrently.

This commit introduces support for `cluster_concurrency 1`. When you set that on a Job it will only allow 1 concurrent execution per cluster.
2023-06-14 08:30:23 +10:00
Juan David Martínez Cubillos 1a27e715ee
PERF: Increase performance of large csv exports for User Histories (#22008)
* PERF: Increase performance of large csv exports for User Histories

* added find_each for screened_email_export
2023-06-13 16:05:08 -05:00
Kris e0f848c2ea
REFACTOR: move shadow vars to css custom props (#22094) 2023-06-13 16:38:31 -04:00
Kris 17656e4451
UX: force long filenames to wrap in lightbox (#22091) 2023-06-13 13:34:14 -04:00
Roman Rizzi 8938ecabc2
FEATURE: Custom content summarization strategies. (#21813)
* FEATURE: Content custom summarization strategies.

This PR establishes a pattern for plugins to register alternative ways of summarizing content by extending a class that defines an interface.

Core controls which strategy we'll use and who has access to it through the `summarization_strategy` and `custom_summarization_allowed_groups`. It also defines the UI for summarizing topics.

Other plugins can access this summarization mechanism and implement their features, removing cross-plugin customizations, as it currently happens between chat and the discourse-ai plugin.

* Group membership validation and rate limiting

* Work with objects instead of classes

* Port summarization feature from discourse-ai to chat

* Rename available summaries to 'Top Replies' and 'Summary'
2023-06-13 14:21:46 -03:00
Blake Erickson dcceb91000
SECURITY: Prevent dismissal of topics that user can't see (#22086)
Co-authored-by: OsamaSayegh <asooomaasoooma90@gmail.com>
2023-06-13 11:08:55 -06:00
Blake Erickson 644dded000
SECURITY: Use canonical url for topic embeddings (#22085)
This prevents duplicate topics from being created when using embed_urls
that only differ on query params.
2023-06-13 11:08:08 -06:00
Blake Erickson 56b74e6042
SECURITY: Limit ThemeField value length to prevent DoS (#22087)
Co-authored-by: Daniel Waterworth <me@danielwaterworth.com>
2023-06-13 12:07:47 -05:00
Blake Erickson e576fdbe3a
SECURITY: set max-height property for iframes (#22084)
Co-authored-by: David Battersby <info@davidbattersby.com>
2023-06-13 11:07:32 -06:00
Régis Hanol 4cb3412a56
PERF: improve `findAllMatches` speed (#22083)
When we introduced unicode support in the regular expressions used in watched words (9a27803) we didn't realize the cost adding the `u` flag would be.

Turns out, it's pretty bad when you have lots of regular expressions to test. A customer had slightly less than 200 watched words, and it would freeze the browser for about 2s on the first check of those regular expressions (roughly 10ms per regular expression).

This commit introduces a new field (`word`) to the serialized watched words which is then converted to a very fast and cheap regular expression on the client-side. We use that regexp to quickly check whether a matcher is even worth trying so that we don't incur the cost of compiling the expensive unicode regexp.

This commit also busts the `WordWatcher` cache since we added a new field to be serialized.

One nice side effect of using `matchAll` instead of a `while / exec` loop is that the likeliness of having a bad regexp matching infinitely is vastly reduced 🙌
2023-06-13 18:34:28 +02:00
Penar Musaraj 3c490b2db8
UX: Better alignment for experimental grids (#22066)
Improves the layout of most grids in posts, by using `object-fit: cover` for most images. This allows images to better fill up the space, without changing their aspect ratio.
2023-06-13 09:25:46 -04:00
chapoi bb4b60d624
UX: remove rounded border on hover lightbox (#22080) 2023-06-13 13:31:28 +02:00
Loïc Guitaut 5257c80064
DEV: Set limits on custom fields
This patch sets some limits on custom fields:
- an entity can’t have more than 100 custom fields defined on it
- a custom field can’t hold a value greater than 10,000,000 characters

The current implementation of custom fields is relatively complex and
does an upsert in SQL at some point, thus preventing us from simply adding an
`ActiveRecord` validation on the custom field model without having to
rewrite a part of the existing logic.
That’s one of the reasons this patch is implementing validations in the
`HasCustomField` module adding them to the model including the module.
2023-06-13 11:47:21 +02:00
Krzysztof Kotlarek 4270ab932a
FIX: change dismiss new button label (#22075)
Button which is opening modal to dismiss topics should be "Dismiss…"
2023-06-13 13:18:39 +10:00
dependabot[bot] 9854b034c6
Build(deps-dev): Bump terser in /app/assets/javascripts (#22074)
Bumps [terser](https://github.com/terser/terser) from 5.17.7 to 5.18.0.
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terser/terser/compare/v5.17.7...v5.18.0)

---
updated-dependencies:
- dependency-name: terser
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-13 01:31:36 +02:00
dependabot[bot] b5358e803e
Build(deps-dev): Bump sinon in /app/assets/javascripts (#22073)
Bumps [sinon](https://github.com/sinonjs/sinon) from 15.1.0 to 15.1.2.
- [Release notes](https://github.com/sinonjs/sinon/releases)
- [Changelog](https://github.com/sinonjs/sinon/blob/main/docs/changelog.md)
- [Commits](https://github.com/sinonjs/sinon/compare/v15.1.0...v15.1.2)

---
updated-dependencies:
- dependency-name: sinon
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-13 01:20:28 +02:00
Bianca Nenciu 774698491d
UX: Make user tips more visible (#22012)
Inverts the background of the user tip to make it more visible.
2023-06-12 21:08:49 +03:00
dependabot[bot] 7c768a2ff9
Build(deps-dev): Bump @babel/core in /app/assets/javascripts (#22026)
Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.22.1 to 7.22.5.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.22.5/packages/babel-core)

---
updated-dependencies:
- dependency-name: "@babel/core"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-12 16:50:43 +02:00
Kris 5ed24bc8a1
UX: dark color palettes need darker shadows (#22051) 2023-06-12 10:15:14 -04:00
dependabot[bot] 41423652c1
Build(deps-dev): Bump @babel/standalone in /app/assets/javascripts (#22027)
Bumps [@babel/standalone](https://github.com/babel/babel/tree/HEAD/packages/babel-standalone) from 7.22.4 to 7.22.5.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.22.5/packages/babel-standalone)

---
updated-dependencies:
- dependency-name: "@babel/standalone"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-12 15:47:34 +02:00
Loudghiri Ahmed 589add7bb5
FIX: use `_presentChannels.size` instead of `_presentChannels.length` (#22053)
`_presentChannels` is a Set, not an Array. Previously this `else if` condition would never be hit.
2023-06-12 13:48:24 +01:00
Jarek Radosz b7568ea4a5
FIX: TOC anchors in a subfolder setup (#21985)
Clicking on TOC heading anchors in a subfolder setup was breaking the current URL for users.

Other than the fix this change introduces the ability to test the subfolder setup in system specs.
2023-06-12 13:59:54 +02:00
dependabot[bot] 0f4f8c45f9
Build(deps): Bump webpack in /app/assets/javascripts (#21987)
Bumps [webpack](https://github.com/webpack/webpack) from 5.85.1 to 5.86.0.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v5.85.1...v5.86.0)

---
updated-dependencies:
- dependency-name: webpack
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-12 13:59:23 +02:00
David Taylor cc2f18121d
DEV: Bump workbox packages from 4.3.1 to 7.0.0 (#22052) 2023-06-12 12:28:40 +01:00
Jarek Radosz cc15d1f86d
DEV: Fix subfolder setup in dev env (#21983)
1. ember proxy stuff still isn't in a great shape, live-reload doesn't work yet, uploads made w/o subfolder won't work, custom fonts don't work, service worker doesn't work. But otherwise it's fine :P
2. I don't know why `HTTP_IF_MODIFIED_SINCE` can be an empty string. Don't have time to investigate, and fast_blank makes this fix an easy solution ;)
2023-06-12 12:49:26 +02:00
Martin Brennan 7e0fcd1b42
FEATURE: Dynamic chunk size with uppy (#22061)
When we get to really big files, it's better to not have thousands
of small chunks, since we don't have a resume functionality if the
upload fails. Better to try upload less chunks even if those chunks
are bigger.

For example, with this change a 20GB file would go from 4000 chunks
of the default 5mb to 1000 chunks of the new 20mb size. Still a lot,
but perhaps more manageable.

This is somewhat experimental -- if we still don't see improvements
we can always change back.
2023-06-12 17:47:29 +10:00
chapoi fca6c1836c
UX: Chat unread indicator refactor (#22040)
* move the chat unread indicator to top to match the profile avatar indicator
* add white border to profile avatar indicator (badge notification) to match chat indicator and userstatus styling
* change `.urgent` to BEM
* congregate all styling into mixin
  * update chat index to use mixin
  * update thread indicator to use mixin
  * update header indicator to use mixin

---------

Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
Co-authored-by: Martin Brennan <martin@discourse.org>
2023-06-12 14:33:45 +10:00
Alan Guo Xiang Tan b4611114f9
DEV: Use `concat-class` helper when setting class for `DButton` (#21998)
Why this change?

Currently, we're interpolating within a string to set the class for the
`DButton` component. However, the interpolation and formatting of our
handlebars templates result in unnecessary spaces being added to the
class attribute.

```
<button class="sidebar-section-header sidebar-section-header-collapsable btn-flat

    btn
    no-text
    " aria-controls="sidebar-section-content-categories" aria-expanded="true" title="Toggle section" type="button">
  ...
</button>
```

This makes the HTML elements for buttons hard to read especially when
we're debugging issues in the console. After this change, this is what
we get:

```
<button class="sidebar-section-header sidebar-section-header-collapsable btn-flat btn no-text" aria-controls="sidebar-section-content-categories" aria-expanded="true" title="Toggle section" type="button">
   ...
</button>
```
2023-06-12 08:29:21 +08:00
dependabot[bot] 239942d726
Build(deps-dev): Bump sass from 1.62.1 to 1.63.3 in /app/assets/javascripts (#22059)
Bumps [sass](https://github.com/sass/dart-sass) from 1.62.1 to 1.63.3.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.62.1...1.63.3)

---
updated-dependencies:
- dependency-name: sass
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-12 07:59:44 +08:00
Penar Musaraj 1abfe2e61d
UX: Small spacing fix for grid items (#21979)
Supports spacing for videos and placeholder elements.
2023-06-09 15:28:50 -04:00
Kris ae8347d948
UX: minor #mention style adjustments (#22048) 2023-06-09 15:08:54 -04:00
Joffrey JAFFEUX 737e007f01
Revert "FIX: attempts to exit lock-on early (#21949)" (#22045)
This reverts commit ad0a8cccc8.
2023-06-09 20:06:34 +02:00
Kris 6e395786bf
UX: increase contrast of "more" sidebar dropdown (#22044) 2023-06-09 12:38:44 -04:00
Meghna 124de2ba7c
UX: list group label indicator should match existing design (#21999)
* UX: list group label indicator should match existing design

* better formatting

* add slight left margin
2023-06-09 21:30:34 +05:30
Jean b2aa411436
FEATURE: Add new site setting type for tag-group lists (#21993)
* FEATURE: Add new site setting type for tag-group lists
2023-06-09 11:02:55 -04:00
Selase Krakani b3bb3872cf
FIX: Make serialized watched word regex Javascript compatible (#22010)
This change ensures Javascript compatible regex is serialized instead of
the default ruby based one.
2023-06-09 10:22:41 +00:00
David Taylor 9c926ce645
PERF: Improve workbox loading strategy (#22019)
Previously workbox JS was vendored into our git repository, and would be loaded from the `public/javascripts` directory with a 1 day cache lifetime. The main aim of this commit is to add 'cachebuster' to the workbox URL so that the cache lifetime can be increased.

- Remove vendored copies of workbox.
- Use ember-cli/broccoli to collect workbox files from node_modules into assets/workbox-{digest}
- Add assets to sprockets manifest so that they're collected from the ember-cli output directory (and uploaded to s3 when configured)

Some of the sprockets-related changes in this commit are not ideal, but we hope to remove sprockets in the not-too-distant future.
2023-06-09 11:14:11 +01:00
Daniel Waterworth 3d3e8c8fbd
FIX: json_schemer no longer allows nil keys (#22015) 2023-06-08 15:12:47 -05:00
Keegan George 39efa4c32a
DEV: Create posts from form templates (#21980) 2023-06-08 12:49:18 -07:00
Bianca Nenciu 4973f0ccde
UX: Remove 'Create Topics' notice (#21958)
We are looking at simplifying the new admin/user experience and the
many notices bring unnecessary complexity.
2023-06-08 22:30:26 +03:00
Andrei Prigorshnev 1ae91fe95f
DEV: fix flaky specs (#22011)
These specs are flaky only in CI, not locally and not in GitHub actions.

The previous attempt was in 44eabde, but actually the failure happens 
a bit earlier. This is another attempt to fix these specs. Quite a lot of 
async logic is happening in emulateAutocomplete(), a call to settled() 
in the end should help make it more reliable.
2023-06-08 22:34:47 +04:00
Selase Krakani c45eb8a618
FIX: Create new PM notifications for `watching_first_post` groups (#21997)
At the moment, PMs to groups with default notification level set to
`watching_first_post` do not generate "emailable" notifications. This happens
because, topic user notification level which is indirectly derived
from the group's default notification level is set to `tracking` if the
group's notification level happens to be `watching_first_post`.

This leads to a `group_message_summary` notification being created
instead of a `private_message` notification which results in no email
alerts being sent when a topic is created.

As this `watching_first_post` --> `tracking` switcheroo appears to be
intentional instead of being a bug, this change extends `PostAlerter`'s
`notify_pm_users` method to create a `private_message` notification for
first posts created in a `watching_first_post` group even if the topic
user notification level is set to `tracking`
2023-06-08 17:41:44 +00:00
Bianca Nenciu ab260e70be
FEATURE: Add Mailpace webhook (#21981)
Adds Mailpace (formerly known as ohmysmtp) webhook

Co-authored-by: ruq <hosch@mailbox.org>
2023-06-08 20:06:20 +03:00
Kris d246938265
UX: show tooltip for global nav section icon (#21974) 2023-06-08 12:57:44 -04:00
Meghna ccf18b5e44
DEV: add class for static login description section (#22002) 2023-06-08 19:51:41 +05:30
Alan Guo Xiang Tan 853bce2abc
UX: Allow users to filter categories in edit sidebar categories modal (#21996)
What does this change do?

This change is a continuation of
2191b879c6 and adds an input filter to the
edit sidebar categories modal which the user can use to filter through
the list of categories by the category's name.

Note that if a child category is being shown, all of its ancestors will
be shown even if the names of the ancestors do not match the given
filter. This is to ensure that we continue to display the hierarchy of a
child category even if the parent category does not match the filter.
2023-06-08 12:54:51 +08:00
Alan Guo Xiang Tan 2191b879c6
FEATURE: Support sub-subcategories in new edit sidebar categories modal (#21994)
What does this commit do?

This commit adds support for sub-subcategories in the new edit sidebar
categories modal added in fc296b9a81. Note
that sub-subcategories are enabled when `max_category_nesting` is set to
`3`.
2023-06-08 10:15:01 +08:00
Juan David Martínez Cubillos 5fdd3bd28a
DEV: Implement staff logs for user columns edits (#21774)
* DEV: Implement staff logs for user columns edits

* deleted extra space in staff logger detail string, deleted string when no changes are made, added basic test coverage for EditDirectoryColumnsController

* fixed change made to #self.staff_actions in UserHistory

* implemented a method that builds the details, previous_values and new_values in a dynamic way

* removed details of changes

* refactored small merge
2023-06-07 17:19:58 -05:00
Jordan Vidrine 928589adfd
CSS: Move table editor button to right (#21976) 2023-06-07 14:50:34 -05:00
Bianca Nenciu 5fc1586abf
PERF: Cache ToS and Privacy Policy paths (#21860)
Checking if the topic exists happened often and that can cause
performance issues.
2023-06-07 21:31:20 +03:00
Penar Musaraj 987ec602ec
FEATURE: image grid in posts (experimental) (#21513)
Adds a new `[grid]` tag that can arrange images (or other media) into a grid in posts. 

The grid defaults to a 3-column with a few exceptions:

- if there are only 2 or 4 items, it defaults to a 2-column grid (because it generally looks better)
- on mobile, it defaults to a 2-column grid
- if there is only one item, the grid has no effect
2023-06-07 14:15:57 -04:00
Kris e43ac00bf4
FIX: add category colors back to categories pages (#21977) 2023-06-07 12:57:10 -04:00
Joffrey JAFFEUX 821e9cb649
PERF: avoids eager pluck in posts controller (#21973)
Calling pluck is instantly making a SELECT, while passing the relationship allows rails to build a correct query.

Before (2 selects):

```
pry(main)> Post.where(topic_id: Topic.where(id: [1,3,4]).pluck(:id)).count
   (1.3ms)  SELECT "topics"."id" FROM "topics" WHERE "topics"."deleted_at" IS NULL AND "topics"."id" IN (1, 3, 4)
  Post Count (0.5ms)  SELECT COUNT(*) FROM "posts" WHERE "posts"."deleted_at" IS NULL AND "posts"."topic_id" IN (1, 3, 4)
```

After (1 select):

```
pry(main)> Post.where(topic_id: Topic.where(id: [1,3,4])).count
  Post Count (2.7ms)  SELECT COUNT(*) FROM "posts" WHERE "posts"."deleted_at" IS NULL AND "posts"."topic_id" IN (SELECT "topics"."id" FROM "topics" WHERE "topics"."deleted_at" IS NULL AND "topics"."id" IN (1, 3, 4))
```
2023-06-07 13:30:38 +02:00
Joffrey JAFFEUX 11d7270e36
PERF: prevents eager pluck in post alerter (#21972)
Before (4 selects):

```
  Topic Load (1.8ms)  SELECT "topics"."id", "topics"."title", "topics"."last_posted_at", "topics"."created_at", "topics"."updated_at", "topics"."views", "topics"."posts_count", "topics"."user_id", "topics"."last_post_user_id", "topics"."reply_count", "topics"."featured_user1_id", "topics"."featured_user2_id", "topics"."featured_user3_id", "topics"."deleted_at", "topics"."highest_post_number", "topics"."like_count", "topics"."incoming_link_count", "topics"."category_id", "topics"."visible", "topics"."moderator_posts_count", "topics"."closed", "topics"."archived", "topics"."bumped_at", "topics"."has_summary", "topics"."archetype", "topics"."featured_user4_id", "topics"."notify_moderators_count", "topics"."spam_count", "topics"."pinned_at", "topics"."score", "topics"."percent_rank", "topics"."subtype", "topics"."slug", "topics"."deleted_by_id", "topics"."participant_count", "topics"."word_count", "topics"."excerpt", "topics"."pinned_globally", "topics"."pinned_until", "topics"."fancy_title", "topics"."highest_staff_post_number", "topics"."featured_link", "topics"."reviewable_score", "topics"."image_upload_id", "topics"."slow_mode_seconds", "topics"."bannered_until", "topics"."external_id" FROM "topics" WHERE "topics"."deleted_at" IS NULL ORDER BY "topics"."id" DESC LIMIT 1
  User Load (1.2ms)  SELECT "users".* FROM "users" ORDER BY "users"."id" DESC LIMIT 1
   (0.6ms)  SELECT "groups"."id" FROM "groups" INNER JOIN "group_users" ON "groups"."id" = "group_users"."group_id" WHERE "group_users"."user_id" = 1
   (0.4ms)  SELECT "topic_allowed_groups"."group_id" FROM "topic_allowed_groups" WHERE "topic_allowed_groups"."topic_id" = 7 AND "topic_allowed_groups"."group_id" IN (1, 3, 10, 11) LIMIT 1
```

After (3 selects):

```
  Topic Load (1.3ms)  SELECT "topics"."id", "topics"."title", "topics"."last_posted_at", "topics"."created_at", "topics"."updated_at", "topics"."views", "topics"."posts_count", "topics"."user_id", "topics"."last_post_user_id", "topics"."reply_count", "topics"."featured_user1_id", "topics"."featured_user2_id", "topics"."featured_user3_id", "topics"."deleted_at", "topics"."highest_post_number", "topics"."like_count", "topics"."incoming_link_count", "topics"."category_id", "topics"."visible", "topics"."moderator_posts_count", "topics"."closed", "topics"."archived", "topics"."bumped_at", "topics"."has_summary", "topics"."archetype", "topics"."featured_user4_id", "topics"."notify_moderators_count", "topics"."spam_count", "topics"."pinned_at", "topics"."score", "topics"."percent_rank", "topics"."subtype", "topics"."slug", "topics"."deleted_by_id", "topics"."participant_count", "topics"."word_count", "topics"."excerpt", "topics"."pinned_globally", "topics"."pinned_until", "topics"."fancy_title", "topics"."highest_staff_post_number", "topics"."featured_link", "topics"."reviewable_score", "topics"."image_upload_id", "topics"."slow_mode_seconds", "topics"."bannered_until", "topics"."external_id" FROM "topics" WHERE "topics"."deleted_at" IS NULL ORDER BY "topics"."id" DESC LIMIT 1
  User Load (0.5ms)  SELECT "users".* FROM "users" ORDER BY "users"."id" DESC LIMIT 1
   (0.8ms)  SELECT "topic_allowed_groups"."group_id" FROM "topic_allowed_groups" WHERE "topic_allowed_groups"."topic_id" = 7 AND "topic_allowed_groups"."group_id" IN (SELECT "groups"."id" FROM "groups" INNER JOIN "group_users" ON "groups"."id" = "group_users"."group_id" WHERE "group_users"."user_id" = 1) LIMIT 1
```
2023-06-07 12:46:48 +02:00
David Taylor fab506149a
DEV: Convert modal wrapper from named outlet to component (#21970)
This removes the modal container named-outlet/controller/template and replaces it with a component. Named outlets will be removed in Ember 4.x, so this change is part of that upgrade project.

Smaller changes include:
- update some of the computed values to be getters rather than calculated during `show()`.
- update tests which were previously depending on the modal class persisting after the modal was closed

Much of the logic in the service will be deprecated once we introduce component-based modals.

This work is split out from https://github.com/discourse/discourse/pull/21304

Previously merged in 80b77b2e and then reverted due to issues with the PM invite modal. This PR fixes the issue, and introduces a test which would have caught the issue.
2023-06-07 10:41:29 +01:00
dependabot[bot] e59ae0fb2e
Build(deps): Bump html-entities in /app/assets/javascripts (#21961)
Bumps [html-entities](https://github.com/mdevils/html-entities) from 2.3.4 to 2.3.5.
- [Release notes](https://github.com/mdevils/html-entities/releases)
- [Changelog](https://github.com/mdevils/html-entities/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mdevils/html-entities/commits)

---
updated-dependencies:
- dependency-name: html-entities
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-07 10:54:20 +02:00
Alan Guo Xiang Tan 9a18c8032a
UX: Don't block render of user messages secondary nav for tracking state (#21965)
Why is this change required?

Right now, we're awaiting on the promise returned by
`this.pmTopicTrackingState.startTracking()` which blocks the rendering
of the template until the promise resolves. However, this blocking of
the rendering ends up introducing yet another intermediate loading state
in the UI which we find unsightly. Instead of blocking the rendering, we
allow the promise to resolve in the background and display the
new/unread counts when the promise resolves.
2023-06-07 12:37:05 +08:00
Alan Guo Xiang Tan fc296b9a81
UX: First pass at edit categories navigation modal for sidebar (#21963)
What is this change?

We are currently not fully satisfied with the current way to edit the
categories and tags that appear in the sidebar where the user is
redirected to the tracking preferences tab in the user's profile causing
the user to lose context of the current page. In addition, the dropdown
to select categories or tags limits the amount of information we can
display.

Since editing or adding a custom categories section is already using a
modal, we have decided to switch editing the categories and tags that
appear in the sidebar to use a modal as well.

This commit ships a first pass of the edit categories modal such that we
can keep the commit small and reviewable. The incomplete nature of the
feature is also reflected in the fact that the feature is hidden behind
a new `new_edit_sidebar_categories_tags_interface_groups` site setting.
2023-06-07 12:09:30 +08:00
Alan Guo Xiang Tan 213d9dbe41
Revert "DEV: Convert modal wrapper from named outlet to component (#21932)" (#21964)
This reverts commit 80b77b2e65.

Some modal functionality has been broken like inviting an existing user
to a PM
2023-06-07 10:33:03 +08:00
Martin Brennan 69eecf92d0
FIX: Use a default hashtag icon color for user with no permission (#21825)
One user can create a post or chat message with a hashtag they
have permission to use, but then when other users look at that
post they will see an empty space next to the hashtag because they
do not have the permission to load the colors in CSS classes for
the related category.

This fixes the issue by adding a default color with a special
CSS class if the user doesn't have permission to see the linked
channel/category on the hashtag.
2023-06-07 10:15:39 +10:00
Krzysztof Kotlarek af74cf5c77
FEATURE: new dismiss button for combined new and unread view (#21817)
Display modal for combined new and unread view with options:
- [x] Dismiss new topics
- [x] Dismiss new posts
- [ ] Stop tracking these topics so they stop appearing in my new list
2023-06-07 10:06:57 +10:00
Vinoth Kannan 899969fd5d
FIX: toggle topic pinning for user only if thumbtack icon is pressed. (#21917)
Previously, the topic is pinned/unpinned even when the bookmark icon is pressed in the topic list page. Because we didn't check the class names of topic status icons.
2023-06-07 03:53:39 +05:30
Alan Guo Xiang Tan f682071ed0
PERF: Avoid rendering a component that isn't required most of the time (#21942)
Why is this change required?

The `enable_offline_indicator` site setting is disabled by default so
there is no need for us to be rendering an extra Ember component when
the site setting is not enabled.
2023-06-07 06:23:19 +08:00
Alan Guo Xiang Tan 1cbc65ba79
DEV: Refactor `GroupNotificationsButton` into `userPrivateMessages.group` route (#21930)
Why this change?

Before this change, the `GroupNotificationsButton` is rendered in the
template of `userPrivateMessages` route based on a conditional that
checks if the `isGroup` property is true. However, the `isGroup`
property is determined based on the child route that is rendered.
However, this leads to "jankiness" in the UI because the
`GroupNotificationsButton` will be rendered once the route is entered
even if the model for the child route has not been resolved yet.

What is the solution?

In order to avoid this, we move the rendering of the
`GroupNotificationsButton` into the template of the
`userPrivateMessages.group` route and rely on the `in-element` helper to
render it into the right spot in the template of the
`userPrivateMessages` route.
2023-06-07 06:22:50 +08:00
Kris d371f3906e
FIX: restore sidebar footer background (#21956) 2023-06-06 14:46:08 -04:00
Joffrey JAFFEUX ad0a8cccc8
FIX: attempts to exit lock-on early (#21949) 2023-06-06 16:28:06 +02:00
Kris 10dce46886
UX: remove sidebar background color (#21775) 2023-06-06 09:24:56 -04:00
David Taylor 80b77b2e65
DEV: Convert modal wrapper from named outlet to component (#21932)
This removes the modal container named-outlet/controller/template and replaces it with a component. Named outlets will be removed in Ember 4.x, so this change is part of that upgrade project.

Smaller changes include:
- update some of the computed values to be getters rather than calculated during `show()`.
- update tests which were previously depending on the modal class persisting after the modal was closed

Much of the logic in the service will be deprecated once we introduce component-based modals.

This work is split out from https://github.com/discourse/discourse/pull/21304
2023-06-06 10:14:07 +01:00
Natalie Tay d2ef490e9a
FIX: Hide delete button to invite as user are unable to delete anyway (#21884)
Moderators are not allowed to delete invites that don't belong to them
2023-06-06 12:24:19 +08:00
Alan Guo Xiang Tan 6642958706
UX: Correct educate message when there are no new topics (#21943)
What does this change do?

This commit updates the educate message displayed when there are no new
topics on the `/new` route when the experimental new new view site setting is enabled.

The commit also fixes a couple of bugs:

1. Correct default auto track minutes used in the copy for unread
   topics from the 4 minutes to 5 minutes.

2. Correct link to user's preference in copy to go to tracking tab
   instead of notifications tab.
2023-06-06 12:22:12 +08:00
dependabot[bot] d3049b71f8
Build(deps): Bump webpack from 5.85.0 to 5.85.1 in /app/assets/javascripts (#21939)
Bumps [webpack](https://github.com/webpack/webpack) from 5.85.0 to 5.85.1.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v5.85.0...v5.85.1)

---
updated-dependencies:
- dependency-name: webpack
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-06 07:48:31 +08:00
dependabot[bot] 9cb285579f
Build(deps): Bump html-entities from 2.3.3 to 2.3.4 in /app/assets/javascripts (#21938)
Bumps [html-entities](https://github.com/mdevils/html-entities) from 2.3.3 to 2.3.4.
- [Release notes](https://github.com/mdevils/html-entities/releases)
- [Changelog](https://github.com/mdevils/html-entities/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mdevils/html-entities/commits)

---
updated-dependencies:
- dependency-name: html-entities
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-06 07:48:15 +08:00
Kris 7d9953dc15
UX: adjust frequent poster size in topic map (#21933) 2023-06-05 18:18:58 -04:00
Jarek Radosz 4313cd5298
DEV: Fix a sass warning (#21931) 2023-06-05 18:57:33 +02:00
Mark VanLandingham 3bfc6805ce
FEATURE: Offline indicator (#21369) 2023-06-05 11:08:04 -05:00
Blake Erickson 704a792f18
FEATURE: Add API Scope for latest posts (#21913)
Adds api scopes for

- `/posts.json`
- `/posts.rss`
- `/private-posts.json`
- `/private-posts.rss`
2023-06-05 09:04:34 -06:00
Alan Guo Xiang Tan 2032d3c2fb
PERF: Preload user information when visiting user messages routes (#21929)
What is the problem?

The user messages routes are currently routed by the server to
`UserActionsController#private_messages`. However, the method is
essentially a no-op and does not do any preloading. As a result, when we
load the user private messages routes, the client ends up having to
issue another request to the server to get more information about the
user profile currently being viewed. This extra request is triggered by
the `user` model's `findDetails` method that is called from the `user`
route in the `afterModel` hook.

What is the solution?

The `user` model's `findDetails` method actually checks the preload
store to see if the `user_${username}` key is present in the store and
if it is, it will use the preloaded data instead of triggering another
request. Since the user private messages routes are nested under the
user route on the client side, we have to rely on the
`UsersController#show` controller action on the server side for the user private
messages route as the `UsersController#show` controller action preloads
the required user information for the client side.
2023-06-05 19:24:22 +08:00
Krzysztof Kotlarek 658b310305
FIX: simplify review community section link (#21907)
Before, the review button was shown in `primary section` when there were items to review. Otherwise, it was hidden in `more section`.

Because we are allowing admins to customize community section and reorder link, it makes sense to simplify that logic and review link should follow admin's decision.
2023-06-05 11:25:29 +08:00
Alan Guo Xiang Tan ce2bd96590
PERF: Client side triggering multiple requests when opening composer (#21925)
What is the problem?

When opening the composer, we are seeing multiple requests made to
the `/composer_messages` endpoint. This is due to our use of the
`transitionend` event on the `#reply-control` element. The event is
fired once for each transition event and the `#reply-control` element
has multiple transition events.

What is the solution?

Since we are only interested in the `height` transition event, we add a
condition to check that the callback function is only triggered when the
`propertyName` of the `transitionend` event is `height`.

Why are there no tests for this change?

In QUnit, we have `transition: none !important` set in the stylesheet
with no easy way to disable. We'll have to accept the risk of not
writing test for this performance fix.
2023-06-05 11:12:38 +08:00
dependabot[bot] 1e50e19db9
Build(deps-dev): Bump eslint from 8.41.0 to 8.42.0 in /app/assets/javascripts (#21921)
Bumps [eslint](https://github.com/eslint/eslint) from 8.41.0 to 8.42.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.41.0...v8.42.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-05 08:03:03 +08:00
Sérgio Saquetim 58c3bbc080
FIX: Prevent undefined on isSafari capabilities test (#21914)
Added a null coalesce operator on the field `isSafari` on the capabilities service to prevent an error in case `pushNotifications` is `undefined`
2023-06-02 19:06:13 -03:00
dependabot[bot] 0615f5cc95
Build(deps): Bump @ember/render-modifiers in /app/assets/javascripts (#21902)
Bumps [@ember/render-modifiers](https://github.com/emberjs/ember-render-modifiers) from 2.0.5 to 2.1.0.
- [Release notes](https://github.com/emberjs/ember-render-modifiers/releases)
- [Changelog](https://github.com/emberjs/ember-render-modifiers/blob/master/CHANGELOG.md)
- [Commits](https://github.com/emberjs/ember-render-modifiers/compare/v2.0.5...v2.1.0)

---
updated-dependencies:
- dependency-name: "@ember/render-modifiers"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-02 20:47:52 +02:00
dependabot[bot] ea926c2cb1
Build(deps-dev): Bump terser in /app/assets/javascripts (#21900)
Bumps [terser](https://github.com/terser/terser) from 5.17.6 to 5.17.7.
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terser/terser/compare/v5.17.6...v5.17.7)

---
updated-dependencies:
- dependency-name: terser
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-02 20:47:11 +02:00
Osama Sayegh fc0e7fe802
FIX: Ensure mention autocomplete box doesn't go off-screen in RTL locales (#21905)
Meta topic: https://meta.discourse.org/t/mention-suggestion-list-box-in-the-rtl-website-in-wrong-place/266763?u=osama.

Our autocomplete box doesn't currently take into account the user's locale and places itself off-screen when using an RTL locale. This commit changes the placement logic for the autocomplete box when an RTL locale is used to make sure that:

1. the autocomplete box's right side is near and to the left of the caret 
2. the autocomplete box doesn't go beyond the composer's left side.
2023-06-02 19:55:00 +03:00
Blake Erickson 56ee46bf63
FEATURE: API Scope for latest.rss feed (#21906)
Adds an API scope for the `/latest.rss` route.

https://meta.discourse.org/t/188480
2023-06-02 08:28:14 -06:00
Krzysztof Kotlarek 20982ef875
FIX: change Community icons (#21904)
Because of a typo, the icon could not be changed.
2023-06-02 11:58:54 +10:00
chapoi 9616a08fa6
UX: Add show more btn to reviewable item (#21579) 2023-06-01 11:55:27 -07:00
Kris 8e618a5484
FIX: use fixed dimensions for user card avatar (#21892) 2023-06-01 14:30:49 -04:00
Kris 1d9f195207
UX: adjust various avatars due to size changes (#21890) 2023-06-01 11:17:44 -04:00
Mark VanLandingham c3a734380e
DEV: Plugin outlets / extension points in search-menu (#21642) 2023-06-01 08:33:14 -05:00
锦心 96a2893284
FEATURE: Allow expanding hidden posts for groups in SiteSetting.can_see_hidden_post (#21853)
Allow expanding hidden posts for groups in SiteSetting.can_see_hidden_post
2023-06-01 11:32:05 +08:00
Kris 594b892409
UX: style adjustments for sidebar edit modal (#21869) 2023-06-01 10:37:28 +08:00
dependabot[bot] e6dbc0fff2
Build(deps): Bump webpack from 5.84.1 to 5.85.0 in /app/assets/javascripts (#21871)
Bumps [webpack](https://github.com/webpack/webpack) from 5.84.1 to 5.85.0.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v5.84.1...v5.85.0)

---
updated-dependencies:
- dependency-name: webpack
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-01 10:37:14 +08:00
Osama Sayegh c2fcd55a80
FEATURE: Serve RTL versions of admin and plugins CSS bundles for RTL locales (#21876)
Prior to this commit, we didn't have RTL versions of our admin and plugins CSS bundles and we always served LTR versions of those bundles even when users used an RTL locale, causing admin and plugins UI elements to never look as good as when an LTR locale was used. Example of UI issues prior to this commit were: missing margins, borders on the wrong side and buttons too close to each other etc.

This commit creates an RTL version for the admin CSS bundle as well as RTL bundles for all the installed plugins and serves those RTL bundles to users/sites who use RTL locales.
2023-06-01 05:27:11 +03:00
Alan Guo Xiang Tan d10a050da2
DEV: Fix linting (#21877)
Follow-up to c2332d7505
2023-06-01 11:15:11 +10:00
Sam c2332d7505
FEATURE: reduce avatar sizes to 6 from 20 (#21319)
* FEATURE: reduce avatar sizes to 6 from 20

This PR introduces 3 changes:

1. SiteSetting.avatar_sizes, now does what it says on the tin.
previously it would introduce a large number of extra sizes, to allow for
various DPIs. Instead we now trust the admin with the size list.

2. When `avatar_sizes` changes, we ensure consistency and remove resized
avatars that are no longer allowed per site setting. This happens on the
12 hourly job and limited out of the box to 20k cleanups per cycle, given
this may reach out to AWS 20k times to remove things.

3. Our default avatar sizes are now "24|48|72|96|144|288" these sizes were
very specifically picked to limit amount of blurriness introduced by webkit.
Our avatars are already blurry due to 1px border, so this corrects old blur.

This change heavily reduces storage required by forums which simplifies
site moves and more.

Co-authored-by: David Taylor <david@taylorhq.com>
2023-06-01 10:00:01 +10:00
Jarek Radosz c67315ea74
FIX: Elements floating away on overscroll in Safari (#21868) 2023-05-31 23:34:47 +02:00
Penar Musaraj d5b3db409e
DEV: Allow color scheme loading to be used async (#21836) 2023-05-31 12:30:12 -04:00
Jarek Radosz 475ac297a4
UX: Tweak user deleted posts items (#21856) 2023-05-31 16:49:56 +02:00
Vinoth Kannan d4bfd441ba
FEATURE: display PM participant group names in the topics list. (#21677)
After this change, we can view all participant group names on the topic list page.

Co-authored-by: Régis Hanol <regis@hanol.fr>
2023-05-31 19:32:06 +05:30
Alan Guo Xiang Tan c01580298e
Revert "PERF: Client side triggering multiple requests when opening composer (#21823)" (#21858)
This reverts commit e1ba4c6b73.

Tests are flaky
2023-05-31 21:18:45 +08:00
Alan Guo Xiang Tan e1ba4c6b73
PERF: Client side triggering multiple requests when opening composer (#21823)
What is the problem?

There are two problems being fixed here:

1. When opening the composer, we are seeing multiple requests made to
   the `/composer_messages` endpoint. This is due to our use of the
   `transitionend` event on the `#reply-control` element. The event is
   fired once for each transition event and the `#reply-control` element
   has multiple transition events.

2. System tests have animations disabled so the `transitionend` event
   does not fire at all.

What is the solution?

Instead of relying on the `transitionend` event, we can instead just
observe the `composerState` property of the `ComposerBody` component
and trigger the `composer:opened` appEvent with a delay that is similar
to the transition duration used for the `ComposerBody` component.
2023-05-31 20:58:45 +08:00
Jarek Radosz 5f1e182956
DEV: Remove deprecated posts/:username/flagged (#21846) 2023-05-31 13:00:35 +02:00
Osama Sayegh 0b9f035eac
FIX: Remove unneeded RTL-specific CSS rules
We currently have some CSS rules in `common/base/rtl.scss` that were added to workaround shortcomings of the R2 gem that we used to use to generate versions of our CSS that are suitable for RTL layouts. Those workarounds are mostly duplicates of existing rules with the only difference being that they're flipped to suit RTL layouts (e.g. `padding-left` is changed to `padding-right` and vice versa).

However, we've recently replaced R2 with `rtlcss` which doesn't have those shortcomings of R2 (see f94951147e) which means those workarounds/duplicate rules need to be removed because they're getting flipped by `rtlcss`, essentially reverting them to their original LTR version and causing issues with RTL layouts.

This commit removes those workarounds that are no longer needed, and cleans up the file that contains our RTL-specific CSS.

Meta topic: https://meta.discourse.org/t/avatar-in-rtl-website-in-wrong-place/264676?u=osama.
2023-05-31 01:27:38 +03:00
Sérgio Saquetim 908117e270
DEV: Added modifier hooks to allow plugins to tweak how categories and groups are fetched (#21837)
This commit adds modifiers that allow plugins to change how categories and groups are prefetched into the application and listed in the respective controllers.

Possible use cases:

- prevent some categories/groups from being prefetched when the application loads for performance reasons.
- prevent some categories/groups from being listed in their respective index pages.
2023-05-30 18:41:50 -03:00
Jarek Radosz 1e3a5124da
FIX: `u/:username/deleted-posts` route regression (#21834)
Regressed in 48987af
2023-05-30 23:40:44 +02:00
Canapin a187411611
UX: Fix post history raw view (#21830)
The RAW view was broken by previous PR. This commit fixes it.
2023-05-31 05:29:04 +08:00
Joffrey JAFFEUX 111ac4c7f2
FIX: call composer reset with correct params (#21777)
We were calling reset without the proper params which was causing errors in the console. This commit does the following changes:

- ensures `composer.cancel()` is the only way to cancel editing/reply
- adds a `draftSaved` property to chat message to allow for better tests
- writes a spec to ensure the flow is correct
- adds more page objects for better tests
- homogenize the default state of objects on chat message

Co-authored-by: Martin Brennan <martin@discourse.org>
2023-05-30 18:37:30 +02:00
Bianca Nenciu c3d51e9c0a
FIX: Show Privacy Policy or ToS when they exist (#21771)
Privacy Policy and Terms of Service topics are no longer created by
default for communities that have not set a company name. For this
reason, some URLs were pointing to 404 page.
2023-05-30 17:38:14 +03:00
dependabot[bot] c2493a8f1c
Build(deps-dev): Bump @babel/standalone in /app/assets/javascripts (#21816)
Bumps [@babel/standalone](https://github.com/babel/babel/tree/HEAD/packages/babel-standalone) from 7.22.2 to 7.22.4.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.22.4/packages/babel-standalone)

---
updated-dependencies:
- dependency-name: "@babel/standalone"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-30 08:55:58 +02:00
Keegan George c74c90bae5
DEV: Show form templates in the composer (#21190) 2023-05-29 14:47:18 -07:00
dependabot[bot] 4198ac43b4
Build(deps): Bump @popperjs/core in /app/assets/javascripts (#21797)
Bumps [@popperjs/core](https://github.com/popperjs/popper-core) from 2.11.7 to 2.11.8.
- [Release notes](https://github.com/popperjs/popper-core/releases)
- [Commits](https://github.com/popperjs/popper-core/commits)

---
updated-dependencies:
- dependency-name: "@popperjs/core"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-29 13:22:01 +02:00
dependabot[bot] 73601ee5b4
Build(deps-dev): Bump @babel/standalone in /app/assets/javascripts (#21796)
Bumps [@babel/standalone](https://github.com/babel/babel/tree/HEAD/packages/babel-standalone) from 7.21.9 to 7.22.2.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.22.2/packages/babel-standalone)

---
updated-dependencies:
- dependency-name: "@babel/standalone"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-29 13:21:44 +02:00
dependabot[bot] c8f2d84d1f
Build(deps-dev): Bump @babel/core in /app/assets/javascripts (#21794)
Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.21.8 to 7.22.1.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.22.1/packages/babel-core)

---
updated-dependencies:
- dependency-name: "@babel/core"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-29 13:00:40 +02:00
dependabot[bot] f3d41d5ce0
Build(deps): Bump jsdom from 22.0.0 to 22.1.0 in /app/assets/javascripts (#21793)
Bumps [jsdom](https://github.com/jsdom/jsdom) from 22.0.0 to 22.1.0.
- [Release notes](https://github.com/jsdom/jsdom/releases)
- [Changelog](https://github.com/jsdom/jsdom/blob/master/Changelog.md)
- [Commits](https://github.com/jsdom/jsdom/compare/22.0.0...22.1.0)

---
updated-dependencies:
- dependency-name: jsdom
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-29 12:59:56 +02:00
chapoi 5bf2dca24a
UX: add support for flagged chat message in reviewqueue (#21802)
* UX: add support for flagged chat message in reviewqueue

* correctly init a chat message object

---------

Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2023-05-29 10:02:02 +02:00
Krzysztof Kotlarek 9f78ff5572
FEATURE: modal for admins to edit Community section (#21668)
Allow admins to edit Community section. This includes drag and drop reorder, change names, delete and reset to default.

Visual improvements introduced in edit community section modal are available in edit custom section form as well. For example:
- drag and drop links to change their position;
- smaller icon picker.
2023-05-29 15:20:23 +10:00
Alan Guo Xiang Tan 7d9a823a55
DEV: Fix flaky user preferences interface system test (#21800)
Why is this change required?

The flaky system test was due to the fact that we had to poll for the
user preferences interface page to reload after saving. However, this
turns out to be a bug on the user preferences interface page because the
page should only reload if the user has selected a new theme that is
different from the site's default but we were reloading the page for
users that did not have any user theme selected. Therefore there was an
unnecessary reload happening when saving other fields on the user
preferences interface page.
2023-05-29 11:56:21 +08:00
Joffrey JAFFEUX a6a5c1b69b
PERF: creating a post would cause an N+1 (#21768)
In the case where the `@topic_view` is not present we were fetching users without including `:user_status`, which would cause an N+1
2023-05-26 17:12:46 +02:00
Jarek Radosz 2a748ff5cb
DEV: Clean up template-lint disable/enable lines (#21770) 2023-05-26 17:07:36 +02:00
Martin Brennan b7229953f7
FIX: Hashtag CSS class color specificity (#21766)
Followup to eae47d82e2,
we removed some specificity from the hashtag color
CSS classes, but now the color is being overridden
by the base hashtag-cooked.d-icon color. This color
is no longer needed, so we just remove that and
the specificity.
2023-05-26 12:16:34 +02:00
Alan Guo Xiang Tan dab37c1a5a
DEV: Run tests with new chrome headless (#21684)
New headless shares the same implementation as the chrome browser
instead of being a separate implementation of its own.

See https://developer.chrome.com/articles/new-headless/ for more
details

Co-authored-by: Rafael dos Santos Silva <xfalcox@gmail.com>
2023-05-26 11:02:56 +02:00
Alan Guo Xiang Tan 0bff95fcad
DEV: Support custom icon when adding custom link to sidebar via plugin API (#21760) 2023-05-26 16:46:33 +08:00
Alan Guo Xiang Tan aba7f3cf13
UX: Drop display of `short_site_description` site settings in sidebar (#21759)
Why are we making this change?

Currently, we are displaying the value of the `short_site_description`
site setting in the sidebar only for anonymous user. However, the
display of the description seems out of place in both the `sidebar` and
`header dropdown` navigation menu and we do not think the sidebar is the
right place to display it anymore.
2023-05-26 15:04:55 +08:00
dependabot[bot] 21e9855ff6
Build(deps): Bump webpack from 5.84.0 to 5.84.1 in /app/assets/javascripts (#21758)
Bumps [webpack](https://github.com/webpack/webpack) from 5.84.0 to 5.84.1.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v5.84.0...v5.84.1)

---
updated-dependencies:
- dependency-name: webpack
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-26 09:10:25 +08:00
Osama Sayegh bb3c05ba0e
DEV: Allow plugins to hook into user preferences update process on the server (#21737)
This commit introduces a new `within_user_updater_transaction` event that's triggered inside the transaction that saves user updates in `UserUpdater`. Plugins can hook into the transaction using the event to include custom changes in the transaction. Callbacks for this event receive 2 arguments:

1. the user being saved
2. the changed attributes that are passed to `UserUpdater`.

There's also new modifier in this commit called `users_controller_update_user_params` to allow plugins to allowlist custom params in the `UsersController` which eventually end up getting passed as attributes to the `UserUpdater` and the new `within_user_updater_transaction` event where they can be used to perform additional updates using the custom params.

-----

New API is used in https://github.com/discourse/discourse-mailinglist-integration/pull/1.
2023-05-26 03:26:38 +03:00
Kris 9268bb92bd
UX: long unstyled category names need truncation (#21756) 2023-05-25 17:08:39 -04:00
Kris ff03b2274f
UX: minor active state fix for sidebar (#21754) 2023-05-25 16:01:27 -04:00
Renato Atilio c539f749f1
FEATURE: support for chronologically merging posts into existing topic (#21374)
When a user chooses to move a topic/message to an existing topic/message, they can now opt to merge the posts chronologically (using a checkbox in the UI).
2023-05-25 14:38:34 -04:00
Sérgio Saquetim 6a65fa982d
FIX: Include more_topic_url in the response to /categories_and_{latest, top} (#21738)
The field more_topic_url is already included in the response preloaded in categories#index

However this field was missing if a request was subsequently made to update the page using
the end-points /categories_and_latest or /categories_and_top. This could lead the client
app to display incorrect information if it relied on this information to update the UI.
2023-05-25 15:24:48 -03:00
Kris b2e13d1fdd
DEV: add sidebar list-item-name & move attributes (#21730) 2023-05-25 11:36:44 -04:00
Kris 442b5538bb
UX: more style adjustments for larger sidebar font (#21751) 2023-05-25 11:21:30 -04:00
David Taylor d52198356c
DEV: Make `attachWidgetAction` fail gracefully when widget is missing (#21750)
This brings the behaviour in line with our other widget-related APIs like `decorateWidget` and `reopenWidget`. This commit also adds a theme/plugin prefix to the console messages.
2023-05-25 15:21:58 +01:00
Jarek Radosz 036e27e69a
DEV: Move distance_of_time_in_words/time_ago_in_words (#21745)
It wasn't a patch (just two helper functions that were called directly) and no longer has much to do with "Rails 4"
2023-05-25 14:53:59 +02:00
David Taylor d460309f89
DEV: Move modal hide/show logic into a service (#21748)
For now, state is still stored in the modal controller. Eventually the controller will be replaced with a component, and the state will be stored in the service.

(extracted from https://github.com/discourse/discourse/pull/21304)
2023-05-25 13:47:44 +01:00
David Taylor db54b80275
DEV: Replace `HideModalTrigger` with JS logic (#21746)
No need to set up a whole component here - we can just call the necessary JS directly from the `closeModal` function.

(extracted from https://github.com/discourse/discourse/pull/21304)
2023-05-25 13:17:55 +01:00
Joffrey JAFFEUX eae47d82e2
FEATURE: Apply hashtag styles to autocomplete (#21731)
This commit uses improvements done in 0b3cf83 to apply these styles to the autocomplete in composer.
2023-05-25 09:38:12 +02:00
Osama Sayegh a048aeef6a
DEV: Deprecate the `modify_user_params` method in `UsersController` (#21740)
This commit deprecates the `modify_user_params` method in `UsersController` in favor of a new modifier that replaces that method whose entire purpose is to allow plugins to monkey-patch it to permit custom params in the controller. We now have the "modifier" system which can achieve the same results but in a safer and easier way. The modifier that replaces the deprecated method is included in PR https://github.com/discourse/discourse/pull/21737.
2023-05-25 09:56:06 +03:00
Alan Guo Xiang Tan e8b138e24f
DEV: Minor improvements to SidebarSectionsController spec (#21734)
1. '#reorder' specs were serializing objects when it is not needed.

2. Add tests for anon user to `#reorder` specs
2023-05-25 10:08:10 +08:00
Alan Guo Xiang Tan 5cfe323445
PERF: Strict loading for SidebarSection queries (#21717)
Why is this change required?

I noticed that actions in `SidebarSectionsController` resulted in
lots of N+1 queries problem and I wanted a solution to
prevent such problems without having to write N+1 queries tests. I have
also used strict loading for `SidebarSection` queries in performance
sensitive spots.

Note that in this commit, I have also set `config.active_record.action_on_strict_loading_violation = :log`
for the production environment so that we have more visibility of
potential N+1 queries problem in the logs. In development and test
environment, we're sticking with the default of raising an error.
2023-05-25 09:10:32 +08:00
Alan Guo Xiang Tan 916495e0a1
DEV: Avoid leaking new site setting states in test environment (#21713)
What is the problem?

In the test environment, we were calling `SiteSetting.setting` directly
to introduce new site settings. However, this leads to changes in state of the SiteSettings
hash that is stored in memory as test runs. Changing or leaking states
when running tests is one of the major contributors of test flakiness.

An example of how this resulted in test flakiness is our `spec/integrity/i18n_spec.rb` spec file which
had a test case that would fail because a new "plugin_setting" site
setting was registered in another test case but the site setting did not
have translations for the site setting set.

What is the fix?

There are a couple of changes being introduced in this commit:

1. Make `SiteSetting.setting` a private method as it is not safe to be
   exposed as a public method of the `SiteSetting` class

2. Change test cases to use existing site settings in Discourse instead
   of creating custom site settings. Existing site settings are not
   removed often so we don't really need to dynamically add new site
   settings in test cases. Even if the site settings being used in test
   cases are removed, updating the test cases to rely on other site
   settings is a very easy change.

3. Set up a plugin instance in the test environment as a "fixture"
   instead of having each test create its own plugin instance.
2023-05-25 07:53:57 +08:00
dependabot[bot] 62fe6a839f
Build(deps): Bump webpack from 5.83.1 to 5.84.0 in /app/assets/javascripts (#21732)
Bumps [webpack](https://github.com/webpack/webpack) from 5.83.1 to 5.84.0.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v5.83.1...v5.84.0)

---
updated-dependencies:
- dependency-name: webpack
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-25 07:53:39 +08:00
Bianca Nenciu 61a0ae3755
FEATURE: Create legal topics for set company name (#21620)
Legal topics, such as the Terms of Service and Privacy Policy topics
do not make sense if the entity creating the community is not a company.
These topics will be created and updated only when the company name is
present and deleted when it is not.
2023-05-24 23:05:36 +03:00
Rafael dos Santos Silva baa5389a23
FEATURE: Add support for AVIF images (#21680) 2023-05-24 16:13:36 -03:00
Kris 2aae8d6092
UX: increase sidebar font-size (#21704) 2023-05-24 11:00:20 -04:00
Loïc Guitaut 37b71c5903
FIX: Don’t run validations when invalidating invites
This patch is a followup of
https://github.com/discourse/discourse/pull/21504 where limits on custom
message for an invite were introduced.

This had a side effect of making some existing invites invalid and with
the current code, they can’t be invalidated anymore.

This patch takes the approach of skipping the validations when invites
are invalidated since the important thing here is to mark the invite as
invalidated regardless of its actual state in the DB. (no other
attributes are updated at the same time anyway)
2023-05-24 15:51:33 +02:00
Andrei Prigorshnev d4a5b79592
FEATURE: Add user status to inline mentions in chat (#20564)
This PR adds status to mentions in chat and makes those mentions receive live updates.

There are known unfinished parts in this implementation: when posting a message, status on mentions on that message appears immediately, but only if a user used autocomplete when typing the message. If user copy and paste a message with mentions into chat composer, those mentions won't have user status on them.

PRs with fixes for both problems are following soon.

Preparations for this PR that were made previously include:
- DEV: correct a relationship – a chat message may have several mentions 0dcfd7ddec
- DEV: extract the logic for extracting and expanding mentions from ChatNotifier 75b81b6854
- DEV: Always create chat mention records fa543cda06
- DEV: better split create_notification! and send_notifications logic e292c45924
- DEV: more tests for mentions when updating chat messages e7292e1682
- DEV: extract updating status on mentions into a lib function e49d338c21
- DEV: Create and update chat message mentions earlier 35a414bb38
- DEV: Create a chat_mention record when self mentioning 2703f2311a
- DEV: When deleting a chat message, do not delete mention records f4fde4e49b
2023-05-24 16:55:20 +04:00
Vinoth Kannan ded6ea66a5
FIX: skip iframe URLs with relative paths in pretty text sanitizer. (#21714)
This commit prevents unallowed URLs in iframe src by adding a relative path like `https://bob.com/abc/def/../ghi`. Currently, the iframe linking to the site uses the current_user, not the post's author, so users who have no access to a certain path are not able to view anything they shouldn't.
2023-05-24 16:14:18 +05:30
Canapin 69274cdb88
UX: Add show password on mobile login modal (#21003)
* UX: Add show password on mobile login modal

* Update app/assets/javascripts/discourse/app/templates/mobile/modal/login.hbs

Co-authored-by: Jarek Radosz <jradosz@gmail.com>

---------

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2023-05-24 12:40:36 +02:00
Loïc Guitaut 4ea396e67c DEV: Bump the limits on group request text fields
Users submitting requests to join groups were not receiving errors when
the character limit for the request was exceeded. This also affects the
UX when admin-created group request templates are inserted into the
request.

This patch bumps the limits.

- https://meta.discourse.org/t/group-membership-requests-suddenly-limited-to-274-characters/265127
- https://github.com/discourse/discourse/pull/19993
2023-05-24 09:57:46 +02:00
dependabot[bot] d7aad72859
Build(deps-dev): Bump terser from 5.17.5 to 5.17.6 in /app/assets/javascripts (#21709)
Bumps [terser](https://github.com/terser/terser) from 5.17.5 to 5.17.6.
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terser/terser/compare/v5.17.5...v5.17.6)

---
updated-dependencies:
- dependency-name: terser
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-24 11:44:25 +08:00
dependabot[bot] c0091c25d0
Build(deps): Bump socket.io-parser from 4.2.1 to 4.2.3 in /app/assets/javascripts (#21710)
Bumps [socket.io-parser](https://github.com/socketio/socket.io-parser) from 4.2.1 to 4.2.3.
- [Release notes](https://github.com/socketio/socket.io-parser/releases)
- [Changelog](https://github.com/socketio/socket.io-parser/blob/main/CHANGELOG.md)
- [Commits](https://github.com/socketio/socket.io-parser/compare/4.2.1...4.2.3)

---
updated-dependencies:
- dependency-name: socket.io-parser
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-24 11:44:05 +08:00
Canapin d537265ddd
UX: improve edit history display (#21474) 2023-05-24 08:59:13 +08:00
Alan Guo Xiang Tan e880ede3d8
DEV: Add experimental plugin API to replace tag icon in sidebar (#21675)
Why this change?

This change allows plugins or themes to replace the tag icon in the
sidebar. The color of the icon can be customised as well.

However, do note that this change is marked experimental as we intend to
support custom icons for tags in the near term as part of Discourse core.
Therefore, the plugin API will become obsolete once that happens and we
are marking it experimental to avoid having to deprecate it.
2023-05-24 08:50:54 +08:00
Krzysztof Kotlarek 2aa5fc927e
FIX: allow published pages to be added to sidebar (#21687)
Custom sidebar sections should accept publish pages with URL `/pub/*`. Similarly to `/my/activity` links.
2023-05-24 08:59:19 +10:00
Kris 5dd89e0b70
UX: iPad footer nav now included in header offset (#21699) 2023-05-23 17:49:19 -04:00
Blake Erickson b637249169
FIX: Video thumbnails can have duplicates (#21681)
* FIX: Video thumbnails can have duplicates

It's possible that a duplicate video or even a very similar video could
generate the same video thumbnail. Because video thumbnails are mapped
to their corresponding video by using the video sha1 in the thumbnail
filename we need to allow for duplicate thumbnails otherwise even when a
thumbnail has been generated for a topic it will not be mapped
correctly.

This will also allow you to re-upload a video on the same topic to
regenerate the thumbnail.

* fix typo
2023-05-23 09:00:09 -06:00
Faizaan Gagan d1334a7aaf
FIX: consider users.created_at for inactive cleanup (#21688) 2023-05-23 13:41:23 +05:30
Martin Brennan 0b3cf83e3c
FIX: Do not cook icon with hashtags (#21676)
This commit makes some fundamental changes to how hashtag cooking and
icon generation works in the new experimental hashtag autocomplete mode.
Previously we cooked the appropriate SVG icon with the cooked hashtag,
though this has proved inflexible especially for theming purposes.

Instead, we now cook a data-ID attribute with the hashtag and add a new
span as an icon placeholder. This is replaced on the client side with an
icon (or a square span in the case of categories) on the client side via
the decorateCooked API for posts and chat messages.

This client side logic uses the generated hashtag, category, and channel
CSS classes added in a previous commit.

This is missing changes to the sidebar to use the new generated CSS
classes and also colors and the split square for categories in the
hashtag autocomplete menu -- I will tackle this in a separate PR so it
is clearer.
2023-05-23 09:33:55 +02:00
Canapin ecb9a27e55
UX: improve tags spacing (#21585) 2023-05-23 09:52:15 +08:00
dependabot[bot] 54890dcb22
Build(deps-dev): Bump @babel/standalone from 7.21.8 to 7.21.9 in /app/assets/javascripts (#21683)
Bumps [@babel/standalone](https://github.com/babel/babel/tree/HEAD/packages/babel-standalone) from 7.21.8 to 7.21.9.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.21.9/packages/babel-standalone)

---
updated-dependencies:
- dependency-name: "@babel/standalone"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-23 08:14:49 +08:00
dependabot[bot] 4a1eee865e
Build(deps-dev): Bump terser from 5.17.4 to 5.17.5 in /app/assets/javascripts (#21682)
Bumps [terser](https://github.com/terser/terser) from 5.17.4 to 5.17.5.
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terser/terser/compare/v5.17.4...v5.17.5)

---
updated-dependencies:
- dependency-name: terser
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-23 08:14:31 +08:00
Krzysztof Kotlarek 75417be528
DEV: edited links are set in specific order (#21665)
Update section endpoint already exists. However, it has to also respect order of links.
2023-05-23 10:00:46 +10:00
Krzysztof Kotlarek 7ead8de232
DEV: endpoint to reset community community-section (#21664)
In upcoming PRs, admins will be able to edit the Community section. We need an endpoint which allows resetting it to the default state.
2023-05-23 09:53:32 +10:00
Jordan Vidrine 984a616204
Button research (#21621) 2023-05-22 16:03:34 -05:00
Faizaan Gagan a58c37bdc5
FIX: allow admin to change topic notification level via API (#21581)
* FIX: allow admin to change topic notification level via API

* default to `current_user` if admin changes own level

* check param existence

* simplify condition

* remove rescue

* Update spec/requests/topics_controller_spec.rb

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>

* added specs for other cases

---------

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
2023-05-23 00:47:58 +05:30
Faizaan Gagan efdfddf7fc
FIX: consider users with trashed topics/posts for inactive cleanup (#21678)
* FIX: consider users with trashed topics/posts for inactive cleanup

* defer checking for missing associations
2023-05-23 00:26:24 +05:30
Natalie Tay 07061410d8
FIX: Anonymizing a user clears their user status too (#21673) 2023-05-22 13:18:09 +08:00
Alan Guo Xiang Tan 95358062fc
DEV: Marking `registerCustomCategorySectionLinkLockIcon` as experimental (#21674)
This might soon become a first class feature in Discourse core in the
short term so marking it as experimental for now to bridge
certain Discourse-owned plugins and themes.
2023-05-22 13:16:53 +08:00
Alan Guo Xiang Tan 33864ab18f
DEV: Add experimental registerCustomCategorySectionLinkPrefix api (#21656)
This commit adds the experimental `registerCustomCategorySectionLinkPrefix` client side
plugin API that allows themes or plugins to override the prefix of a
category section link.

This is marked experimental because we might be introducing a core
feature where category icons are supported. This is currently used as a
bridge for the https://github.com/discourse/discourse-category-icons
theme component.
2023-05-22 10:16:22 +08:00
Alan Guo Xiang Tan 27e065fc1f
DEV: Remove `prefixElementColors` args for section link component (#21653)
The fewer arguments we have the less complicated it is to use the
component
2023-05-22 09:28:32 +08:00
dependabot[bot] c13683e8d0
Build(deps-dev): Bump eslint from 8.40.0 to 8.41.0 in /app/assets/javascripts (#21672)
Bumps [eslint](https://github.com/eslint/eslint) from 8.40.0 to 8.41.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.40.0...v8.41.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-22 08:42:39 +08:00
Keegan George 2ebe7db3c6
DEV: `.quick-access-profile` no longer exists (#21663) 2023-05-20 17:47:04 +10:00
Juan David Martínez Cubillos 774313ef0f
FIX: Fix for Default to subcategory when parent category does not allow posting (#21537)
* FIX: Fix for Default to subcategory when parent category does not allow posting

* added tests for edge case scenario

* implemented correct behaviour when parent category doesn't have subcategories

* implemented new fabricator for categories and suggested changes
2023-05-19 07:37:23 -05:00
Jarek Radosz 0ffe463d79
DEV: Resolve a sinon/webpack warning (#21659) 2023-05-19 12:48:36 +02:00
Jarek Radosz 48987af324
DEV: Use `templateName` instead of `renderTemplate()` (#21517)
`renderTemplate()` is deprecated and has been removed in Ember 4.0
2023-05-19 11:14:38 +02:00
dependabot[bot] f62904715f
Build(deps-dev): Bump sinon in /app/assets/javascripts (#21649) 2023-05-19 09:15:01 +02:00
dependabot[bot] 5f16db24fc
Build(deps-dev): Bump @embroider/test-setup in /app/assets/javascripts (#21650) 2023-05-19 09:14:26 +02:00
Alan Guo Xiang Tan bc58ee5f85
FIX: Clicking on edited notification should open edit history modal (#21631)
This is a regression introduced when we redesigned the user menu
2023-05-19 13:55:43 +08:00
Alan Guo Xiang Tan 9951493129
DEV: Add `registerCustomCategorySectionLinkLockIcon` plugin API (#21655)
New client side plugin API that allows plugins or themes to customize
the fontawesome 5 icon used to indicate that a category is locked/read
restricted.
2023-05-19 11:56:21 +08:00
Alan Guo Xiang Tan b183b997fb
UX: Add custom section button should not be shown to anon users (#21651) 2023-05-19 09:31:25 +08:00
Kris f8ee839bfb
DEV: add plugin outlet to share sources (#21646) 2023-05-18 16:10:44 -04:00
Ella E 219fd7bb42
UX: tweak on logo size to make sure it's not too small on small screen (#21644) 2023-05-18 13:11:53 -06:00
Bianca Nenciu 5654aedd75
UX: Remove welcome topic admin tip and tweak copy (#21593)
The welcome topic user tip was for admins only, but in general, user
tips should be used for guiding new users through the features that
Discourse offers. For this reason, we decided to remove the user tip.

This commit also includes a few more copy tweaks to the welcome topic.
2023-05-18 16:38:04 +03:00
Jarek Radosz edbfe91623
DEV: Re-add above-static and below-static outlets (#21635)
They were a part of now-removed static template
2023-05-18 15:32:15 +02:00
Bianca Nenciu f0ec1fad8c
FIX: Update category tag stats with new or deleted (#21531)
The old method updated only existing records, without considering that
new tags might have been created or some tags might not exist anymore.
This was usually not a problem because the stats were also updated by
other code paths.

However, the ensure consistency job should be more solid and help when
other code paths fail or after importing data.

Also, update category tag stats too should happen when updating other
category stats as well.
2023-05-18 12:46:44 +03:00
dependabot[bot] 809bab5782
Build(deps-dev): Bump @embroider/test-setup in /app/assets/javascripts (#21626)
Bumps [@embroider/test-setup](https://github.com/embroider-build/embroider/tree/HEAD/packages/test-setup) from 2.1.1 to 3.0.0.
- [Release notes](https://github.com/embroider-build/embroider/releases)
- [Changelog](https://github.com/embroider-build/embroider/blob/main/CHANGELOG.md)
- [Commits](https://github.com/embroider-build/embroider/commits/HEAD/packages/test-setup)

---
updated-dependencies:
- dependency-name: "@embroider/test-setup"
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-18 11:07:04 +02:00
Martin Brennan 341f87efb7
FIX: Show gif upload size limit error straight away (#21633)
When uploading images via direct to S3 upload, we were
assuming that we could not pre-emptively check the file
size because the client may do preprocessing to reduce
the size, and UploadCreator could also further reduce the
size.

This, however, is not true of gifs, so we would have an
issue where you upload a gif > the max_image_size_kb
setting and had to wait until the upload completed for
this error to show.

Now, instead, when we direct upload gifs to S3, we check
the size straight away and present a file size error to
the user rather than making them wait. This will increase
meme efficiency by approximately 1000%.
2023-05-18 10:36:34 +02:00
dependabot[bot] 86c2f461b0
Build(deps): Bump webpack in /app/assets/javascripts (#21625)
Bumps [webpack](https://github.com/webpack/webpack) from 5.82.1 to 5.83.1.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v5.82.1...v5.83.1)

---
updated-dependencies:
- dependency-name: webpack
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-18 16:51:22 +10:00
Alan Guo Xiang Tan 4ec9a947dc
UX: Improve display of short site description in header dropdown (#21628) 2023-05-18 10:16:21 +08:00
Kris 14ad0b39f1
UX: include custom headers in `--header-offset` (#21059) 2023-05-17 17:37:56 -04:00
Roman Rizzi d2516f39c3
DEV: Option to always hide warning in the composer (#21618) 2023-05-17 15:59:43 -03:00
Keegan George 515529cd34
UX: Show fast edit at top of window on mobile (#21590) 2023-05-17 09:30:29 -07:00
Keegan George 082821c754
DEV: Remove legacy user menu (#21308) 2023-05-17 09:16:42 -07:00
dependabot[bot] e7779615e6
Build(deps): Bump @ember/string in /app/assets/javascripts (#21601)
Bumps [@ember/string](https://github.com/emberjs/ember-string) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/emberjs/ember-string/releases)
- [Changelog](https://github.com/emberjs/ember-string/blob/master/CHANGELOG.md)
- [Commits](https://github.com/emberjs/ember-string/compare/v3.1.0...v3.1.1)

---
updated-dependencies:
- dependency-name: "@ember/string"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-17 10:42:20 +02:00
dependabot[bot] bc82490e6e
Build(deps-dev): Bump terser in /app/assets/javascripts (#21600)
Bumps [terser](https://github.com/terser/terser) from 5.17.3 to 5.17.4.
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terser/terser/compare/v5.17.3...v5.17.4)

---
updated-dependencies:
- dependency-name: terser
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-17 10:41:39 +02:00
Ted Johansson 445196399d
FIX: Remove obsolete references to lounge category (#21607)
### What is this change?

The lounge category was replaced with the general category in https://github.com/discourse/discourse/pull/18097.

However, there are still a few references to the lounge category in code. In particular, `Category#seeded?` is erroring out in production looking for `SiteSetting.lounge_category_id`.
2023-05-17 16:34:14 +08:00
Ted Johansson a2bc24456f
DEV: Update call sites using BaseStore#download but expecting exceptions (#21551)
In #21498, we split `BaseStore#download` into a "safe" version which returns nil on errors, and an "unsafe" version which raises an exception, which was the old behaviour of `#download`.

This change updates call sites that used the old `#download`, which raised exceptions, to use the new `#download!` to preserve behaviour (and silence deprecation warnings.)

It also silences the deprecation warning in tests.
2023-05-17 16:03:33 +08:00
Alan Guo Xiang Tan c991b8f6a0
UX: Sections not collapsable in "header dropdown" navigation menu (#21604)
What is the problem?

This is a follow up to 4cca7de22d. In the
commit, CSS was used to disable the collapsing of sections in the header
dropdown navigation menu when the `navigation_menu` site setting is set
to `header dropdown`. However, using CSS is not the correct approach as
the underlying code is still marking the section as collapsable which
means that the sections will still be displayed as collapsed with no way
to "uncollapse" if the local store has already marked the section as
collapsed.

What is the fix?

This commit removes the usage of CSS to hide the collapsable button and
instead correctly marks the section as not collapsable in the code.
2023-05-17 14:28:09 +08:00
Alan Guo Xiang Tan 5878535606
FIX: Searching for svg sprite icons connecting to default database (#21605)
What is the problem?

In `SvgSpriteController#search` and `SvgSpriteController#icon_picker_search`, the controller actions
were using the `RailsMultisite::ConnectionManagement.with_hostname` API
but `params[:hostname]` was always `nil` because the routes do not
have a `:hostname` param component and the client does not ever pass the
`:hostname` param when making the request. When `RailsMultisite::ConnectionManagement.with_hostname` is
used with a `nil` argument, it ends up connecting to the default
multisite database. Usually this would be bad because we're allowing a
site in a multisite setup to connect to another site but thankfully no
private data is being leaked here.

What is the fix?

Since `SvgSpriteController#search` and `SvgSpriteController#icon_picker_search` are login-required routes,
there is no need for us to switch database connections. The fix here is
to simply remove the use of `RailsMultisite::ConnectionManagement.with_hostname`.
2023-05-17 14:25:06 +08:00
Alan Guo Xiang Tan bf64a184ea
FIX: Clear topic list cache after archiving a PM (#21602)
Context of the problem

When viewing the topic list for either the personal inbox or the group
PM inbox, we store a cache of the topic list if the user has loaded more
topics in the topic list. This cache is used to improve the experience
for users so that navigating to a topic and then back would not make
them lose their "last read" position in the topic list. Without this
cache, users will have to start from the top of the topic list each time
they navigate back after reading a topic.

What is the problem?

After archiving a PM, the user is redirected to either the personal
inbox or the group PM inbox. The problem is that if a topic list cache
exists, we will render the topic list using the cache. However, this
means that the archived PM will still appear in the list leading to
confusion for our users.

What is the fix?

To fix this, we will simply clear the topic list cache after a user
archives a topic.
2023-05-17 14:23:23 +10:00
Angus McLeod 338bd13213
DEV: Use composerEventPrefix in the composer editor (#21480) 2023-05-16 19:06:20 +01:00
Jarek Radosz dec38e2daf
DEV: Add support for array params in topic-list finder (#21578)
It wasn't possible (at least in any reasonable way) to pass params like `tags`. Also removes the export and inlines the function as that was used only to test the function and the test is gone.
2023-05-16 19:49:38 +02:00
David Taylor e8ee2285be
DEV: Use `@cached` decorator for `sidebar/user/sections.js` (#21556)
Achieves the same thing as the old manual caching
2023-05-16 18:21:21 +01:00
Penar Musaraj f6670aecfd
DEV: Fix preview sanitization test (#21521)
This test was passing, but the environment it was testing was incorrect.
The `image-controls` markdown rule allowlists several svgs when previewing.
But since `previewing: true` is only set on the parent `ComposerEditor`
component, the test in `DEditor` wasn't aware of that, so the output was
ignoring the `previewing` option.

This moves the test one level higher, to `ComposerEditor`, and because
now `previewing: true` is correctly used, it updates the test to show
that the svg element is present, but an `onload` attribute is stripped.
2023-05-16 11:06:05 -04:00
Penar Musaraj 06ea37e591
A11Y: Improve select-kit accessibility (take 2) (#21530)
Same as #214500 but fixes an issue with mobile navigation in some cases.
2023-05-16 09:57:50 -04:00
Jarek Radosz 5d386653c4
DEV: Clean up store-test (#21576)
* Use native getters
* Use `assert.true`/`assert.false`
* Improve some assertions
2023-05-16 12:10:58 +02:00
dependabot[bot] de4efc2b8f
Build(deps): Bump @ember/string in /app/assets/javascripts (#21569)
Bumps [@ember/string](https://github.com/emberjs/ember-string) from 3.0.1 to 3.1.0.
- [Release notes](https://github.com/emberjs/ember-string/releases)
- [Changelog](https://github.com/emberjs/ember-string/blob/master/CHANGELOG.md)
- [Commits](https://github.com/emberjs/ember-string/compare/v3.0.1...v3.1.0)

---
updated-dependencies:
- dependency-name: "@ember/string"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-16 11:24:25 +02:00
Sam e63e193a0a
FEATURE: Fuzzy search in site settings and raise limit to 100 matches (#21572)
We have been struggling lately finding site settings due to 30 setting limit

This was introduced for performance reasons a while back but is no longer as
needed given that ember is faster.

Additionally searching is hard, so allow people to use fuzzy search against
setting name.
2023-05-16 18:23:05 +10:00
Alan Guo Xiang Tan b596e54a39
DEV: Use components to manage custom sidebar sections lifecycle (#21574)
What is the problem?

Previously the `sections` getter was initializing duplicate `lib/sidebar/(community-)section` instances every time it was evaluated. This change in identity was causing Ember's `{{#each` helper to totally rerender every section whenever the getter was evaluated.

What is the fix?

This commit refactors things to lean on Ember's components for state/lifecycle management. The `{{#each` loop is done over the source data, which is guaranteed to only change identity when there is a real config change. Individual section components are initialized for each section, and are responsible for constructing and tearing down their own `lib/sidebar/(community-)section` instances.

This commit also updates `lib/sidebar/(community-)section` to support service injection rather than passing service references around.

Co-authored-by: David Taylor <david@taylorhq.com>
2023-05-16 11:47:59 +08:00
David Taylor 7962202c64
FIX: Ensure modal alert is hidden when empty (#21565)
We use the `:empty` css selector on `#modal-alert`, so we need to strip any whitespace from the contents to ensure the selector functions correctly. Followup to ad431ab03a
2023-05-16 01:19:53 +01:00
David Taylor ee537a7ac1
FIX: Hide d-modal during page load (#21563)
Followup to 4bc769cac0
2023-05-15 21:43:21 +01:00
Sérgio Saquetim 21ec70b509
FIX: Miscellaneous tagging errors (#21490)
* FIX: Displaying the wrong number of minimum tags in the composer

When the minimum number of tags set for the category is larger than the minimum number of tags
set in the category tag-groups, the composer was displaying the wrong value.

This commit fixes the value displayed in the composer to show the max value between the required
for the category and the tag-groups set for the category.

This bug was reported on Meta in https://meta.discourse.org/t/tags-from-multiple-tag-groups-required-only-suggest-select-at-least-one-tag/263817

* FIX: Limiting tags in categories not working as expected

When a category was restricted to a tag group A, which was set to only allow
one tag from the group per topic, selecting a tag belonging only to A returned
other tags from A that also belonged to other group/s (if any).

Example:

Tag group A: alpha, beta, gamma, epsilon, delta
Tag group B: alpha, beta, gamma

Both tag groups set to only allow one tag from the group per topic.

If Category 1 was set to only allow tags from the tag group A, and the first tag
selected was epsilon, then, because they also belonged to tag group B, the tags
alpha, beta, and gamma were still returned as valid options when they should not be.

This commit ensures that once a tag from a tag group that restricts its tags to
one per topic is selected, no other tag from this group is returned.

This bug was reported on Meta in https://meta.discourse.org/t/limiting-tags-to-categories-not-working-as-expected/263143.

* FIX: Moving topics does not prompt to add required tag for new category

When a topic moved from a category to another, the tag requirements
of the new category were not being checked.

This allowed a topic to be created and moved to a category:

- that limited the tags to a tag group, with the topic containing tags
not allowed.
- that required N tags from a tag group, with the topic not containing
the required tags.

This bug was reported on Meta in https://meta.discourse.org/t/moving-tagged-topics-does-not-prompt-to-add-required-tag-for-new-category/264138.

* FIX: Editing topics with tag groups from parents allows incorrect tagging

When there was a combination between parent tags defined in a tag group
set to allow only one tag from the group per topic, and other tag groups
relying on this restriction to combine the children tag types with the
parent tag, editing a topic could allow the user to insert an invalid
combination of these tags.

Example:

Automakers tag group: landhover, toyota
  - group set to limit one tag from the group per topic

Toyota models group: land-cruiser, hilux, corolla

Landhover models group: evoque, defender, discovery

If a topic was initially set up with the tags toyota, land-cruiser it was
possible to edit it by removing the tag toyota and adding the tag landhover
and other landhover model tags like evoque for example.

In this case, the topic would end up with the tags toyota, land-cruiser,
landhover, evoque because Discourse will automatically insert the
missing parent tag toyota when it detects the tag land-cruiser.

This combination of tags would violate the restriction specified in
the Automakers tag group resulting in an invalid combination of tags.

This commit enforces that the "one tag from the group per topic"
restriction is verified before updating the topic tags and also
makes sure the verification checks the compatibility of parent tags that
would be automatically inserted.

After the changes, the user will receive an error similar to:
The tags land-cruiser, landhover cannot be used simultaneously.
Please include only one of them.
2023-05-15 17:19:41 -03:00
David Taylor 4bc769cac0
DEV: Control modal 'hidden' with Ember (#21562)
Moving all control of 'hidden' into Ember will resolve issues we're seeing with Ember fighting against manual DOM manipulation (both vanilla JS and JQuery).

Looking up `controller:modal` from components is not ideal. However, the next step in the refactoring is to create a modal 'service' which will be able to be injected into components cleanly.
2023-05-15 20:48:00 +01:00
Bianca Nenciu 78022e7a5f
FEATURE: Show user cards for inactive users (#21387)
It used to return 404 which made the user card render and then quickly disappear.
2023-05-15 21:45:26 +03:00
Jarek Radosz e25468b2ca
DEV: Use `@cached` decorator in `user-menu/menu` (#21558) 2023-05-15 20:40:08 +02:00
David Taylor 35f29bd25b DEV: Document `showModal`, allow setting more config via DModalBody
Having these things configured at the invocation of showModal is a strange API, and means that any changes to the modal require updating the call sites. It makes much more sense for these to be defined as part of the modal's own template. This was already supported for many of the properties. This commit adds support for the `modalClass` and `titleAriaElementId` config to be passed to DModalBody.

For now there is no deprecation message. Support for passing these things to `showModal` will be dropped as part of an upcoming conversion of modals from controllers to components.
2023-05-15 13:43:01 +01:00
David Taylor f2482b5daa DEV: Replace modal 'maxHeight' calculation with css 2023-05-15 13:43:01 +01:00
David Taylor ad431ab03a DEV: Refactor modal 'flash' to avoid direct DOM manipulation 2023-05-15 13:43:01 +01:00
David Taylor 771c4de7f1 DEV: Convert d-modal and d-modal-body to glimmer components 2023-05-15 13:43:01 +01:00
David Taylor 11e7e949b7 DEV: Convert d-modal and d-modal-body to native class syntax 2023-05-15 13:43:01 +01:00
Joffrey JAFFEUX 5ce0697348
FIX: limits max height to viewport on channel only (#21539)
Before this commit chat was applying a fixed height on everything under the `/chat` route. It's only really needed on the channel page with the composer at the bottom of the page.

This commit makes the following changes:
- moves height limitation from `#main-outlet-wrapper` to `.chat-channel`
- makes browse channel page and members list page full height and rely on main document scrollbar
- adds height computation for draft header and direct message creator block to ensure the height is correct when creating a draft channel
- makes chat index full height to rely on the browser scrollbar. As a result the <kbd> + </kbd> button used on mobile to create a direct message has been moved out of `<ChannelsList>` into the chat index template
- sidebar height was relying on chat setting a max height, as a result the height computation of sidebar has been changed to work correctly, especially with an opened keyboard on mobile or ipad
2023-05-15 11:46:33 +02:00
Bianca Nenciu 9a2780397f
FIX: Handle all UTF-8 characters (#21344)
Watched words were converted to regular expressions containing \W, which
handled only ASCII characters. Using [^[:word]] instead ensures that
UTF-8 characters are also handled correctly.
2023-05-15 12:45:04 +03:00
Loïc Guitaut d63ce56252 DEV: Set limit for Invite#custom_message 2023-05-15 09:55:28 +02:00
Loïc Guitaut b81c13280a DEV: Set limits for text fields on BadgeGrouping 2023-05-15 09:54:54 +02:00
Alan Guo Xiang Tan 1106e4ad09
FIX: Sidebar custom sections rendering perf degrades over time (#21552)
What is the problem?

The main problem here is that we were incorrectly registering the same `onStateChange` callback with `TopicTrackingState`
each time a user reads a post. When a user reads a post, the state in `TopicTrackingState` is updated and it triggers all
the `onStateChange` callbacks which have been registered. In the `CommunitySection` class, we register a callback which
would then call the `onTopicTrackingStateChange` method for each link in the class. For the `EverythingSectionLink` class,
this would lookup the state in `TopicTrackingState` to get a new count of unread/new topics and update the `totalUnread` and
`totalNew` properties which are tracked. For some reason that I have yet to figure out, updating either of the tracked properties
would result in Ember rerendering the entire `{{#each this.sections as |section|}}` in `component/sidebar/user/custom-sections.hbs`
template. Note that `this.sections` refers to a `@cached` getter in the `SidebarUserCustomSections` class. The problem is that
the `sections` getter is initializing a new bunch of sidebar sections related classes without calling the teardown function.
As a result, we end up registering new `onStateChange` callbacks in `TopicTrackingState` in `CommunitySection` without
removing the old ones. Over time, the number of callbacks builds up and we end up slowing down the application. While we do
not know the reason why defining a getter for the `sections` is causing the entire block to re-render, I realized that
it is dangerous to use a getter for `sections` here since we have very little control on when the cache is broken.

Instead, I moved the `sections` getter to a tracked property instead where the property is updated via `appEvents`. With
this change, updating the tracked properties in `EverythingSectionLink` is no longer triggering a complete re-render of the
said block above. We also now call `teardown` on the section objects that have been initialised before updating the `sections`
property.
2023-05-15 15:43:41 +08:00
Loïc Guitaut 9f283eb836
DEV: Set a limit for ApiKey#description (#21502) 2023-05-15 14:12:25 +10:00
Kris f160f073b0
FIX: addNavigationBarItem api example (#21510)
* FIX: addNavigationBarItem api example

* Update app/assets/javascripts/discourse/app/lib/plugin-api.js

Co-authored-by: Jarek Radosz <jradosz@gmail.com>

---------

Co-authored-by: Sam <sam.saffron@gmail.com>
Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2023-05-15 14:11:42 +10:00
Sam e9efeea264
FIX: composer should be sending metaData (#21546)
An extensibility point we support server side is setting meta_data
(topic / post custom fields) with the composer payload.

Previous to this change even though we had a lot of setup code we never
actually sent the payload.

This ensures that on create we send meta_data.
2023-05-15 14:08:54 +10:00
Bianca Nenciu b32cdb0880
FIX: Refresh site when enable_user_tips changes (#21489)
Without refresh, no user tip will be shown and Site.user_tips is not
properly populated either.
2023-05-12 18:44:41 +03:00
Bianca Nenciu b73a9a1faa
UX: Various improvements to welcome topic CTA (#21010)
- Update welcome topic copy
- Edit the welcome topic automatically when the title or description changes
- Remove “Create your Welcome Topic” banner/CTA
- Add "edit welcome topic" user tip
2023-05-12 17:09:40 +03:00
David Taylor 177651fdbb
FIX: Avoid double-encoding featured topic title in user profile (#21507)
a373bf2 updated the behavior of replace-emoji so that the input is treated as unsafe-by-default. fancy_title is already escaped, so we need to mark it as html-safe to avoid it being double-escaped.

There is no need to html-safe the result of replace-emoji - it's already done as part of the helper.
2023-05-12 10:11:59 +01:00
Ted Johansson 07f87ff7a8
DEV: Strictly filter tag search limit parameter input (#21524)
### What is the problem?

It is possible to pass an arbitrary value to the limit parameter in `TagsController#search`, and have it flow through `DiscourseTagging.filter_allowed_tags` where it will raise an error deep in the database driver. MiniSql ensures there's no injection happening, but that ultimately results in an invalid query.

### How does this fix it?

This change checks more strictly that the parameter can be cleanly converted to an integer by replacing the loose `#to_i` conversion semantics with the stronger `Kernel#Integer` ones.

**Example:**

```ruby
"1; SELECT 1".to_i
#=> 1

Integer("1; SELECT 1")
#=> ArgumentError
```

As part of the change, I also went ahead to disallow a limit of "0", as that doesn't seem to be a useful option. Previously only negative limits were disallowed.
2023-05-12 16:49:14 +08:00
Ted Johansson 59867cc091
DEV: Gracefully handle user avatar download SSRF errors (#21523)
### Background

When SSRF detection fails, the exception bubbles all the way up, causing a log alert. This isn't actionable, and should instead be ignored. The existing `rescue` does already ignore network errors, but fails to account for SSRF exceptions coming from `FinalDestination`.

### What is this change?

This PR does two things.

---

Firstly, it introduces a common root exception class, `FinalDestination::SSRFError` for SSRF errors. This serves two functions: 1) it makes it easier to rescue both errors at once, which is generally what one wants to do and 2) prevents having to dig deep into the class hierarchy for the constant.

This change is fully backwards compatible thanks to how inheritance and exception handling work.

---

Secondly, it rescues this new exception in `UserAvatar.import_url_for_user`, which is causing sporadic errors to be logged in production. After this, SSRF errors are handled the same as network errors.
2023-05-12 15:32:02 +08:00
Blake Erickson bd6e487df0
FIX: Allow integer group_ids for create invite api (#21494)
This fixes a bug in the create invite API where if you passed in an
integer for the group_ids field it would fail to add the user to the
specified group.
2023-05-11 11:39:33 -06:00
Jarek Radosz ce5430adc1
DEV: Rework `static` controllers/routes (#19466)
The issues fixed:

1. Previously all static pages (e.g. login-required landing page, /tos, /privacy, forgot-password) were wrapped in the faq-read-tracking component
2. All these pages shared one controller with methods that were relevant to one route
3. There were two route-generating functions: `static-route-builder` and `build-static-route` 🤣 
4. They were using the deprecated `renderTemplate()` API
5. A slight misuse of Ember API (`controllerFor()`)
6. Small mark-faq-read related bugs
2023-05-11 19:02:11 +02:00
dependabot[bot] f494e54128
Build(deps): Bump webpack in /app/assets/javascripts (#21496)
Bumps [webpack](https://github.com/webpack/webpack) from 5.82.0 to 5.82.1.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v5.82.0...v5.82.1)

---
updated-dependencies:
- dependency-name: webpack
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-11 17:27:09 +02:00
Ted Johansson b837459e1d
DEV: Add both safe and unsafe Discourse.store.download methods (#21498)
* DEV: Add both safe and unsafe Discourse.store.download methods

* DEV: Update call sites that can use the safe store download method
2023-05-11 17:27:27 +08:00
Juan David Martínez Cubillos 83d2f9ef78
FEATURE: Default to subcategory when parent category does not allow posting (#21228)
added site toggle functionality through site settings

added tests to implemented feature

Introduced suggested correction

renamed find_new_topic method and deleted click_new_topic_button method
2023-05-10 12:34:39 -05:00
Bianca Nenciu d3a5a493fa
DEV: Add configurable? helper to Plugin::Instance (#21472)
This reapplies commit 3073e5cfb0, with
a fix that makes sure that plugins can be looked up both by the name
present in metadata and directory name.
2023-05-10 16:21:48 +03:00
dependabot[bot] d65c37366e
Build(deps-dev): Bump terser in /app/assets/javascripts (#21463)
Bumps [terser](https://github.com/terser/terser) from 5.17.2 to 5.17.3.
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terser/terser/compare/v5.17.2...v5.17.3)

---
updated-dependencies:
- dependency-name: terser
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-10 15:05:39 +02:00
David Taylor 56995e40c2
Revert "A11Y: Improve select-kit accessibility (#21400)" (#21468)
This reverts commit e8aea3c558. This introduced some errors during navigation on mobile. Reverting while we investigate
2023-05-10 11:45:17 +01:00
Joffrey JAFFEUX 3727c95f6f
Revert "DEV: Add configurable? helper to Plugin::Instance (#20767)" (#21469)
This reverts commit 3073e5cfb0.
2023-05-10 12:41:55 +02:00
Bianca Nenciu 3073e5cfb0
DEV: Add configurable? helper to Plugin::Instance (#20767)
This can be used to forcibly disable plugins.
2023-05-10 13:16:37 +03:00
David Battersby a19027afae
FIX: show 404 on new category page for moderators when Site Setting disabled (#21448)
Currently the /new-category url can be accessed by moderators, regardless of whether the Site Setting for moderators_manage_categories_and_groups is true or false.

On top of this, non-authorized users can also access this page, but it shows errors (no 404 loaded).

Since the 404 redirect happens within Ember, we need to allow the site setting value to be accessed within JS. 

After this change all non admin users will see a 404 for this route, the exception being moderators if the moderators_manage_categories_and_groups setting has a value of true.

/t/73360
2023-05-10 14:26:49 +08:00
David Battersby 5d8632d484
FIX: fallback to composer for non ascii characters (#21465)
The problem
When selecting text and clicking the "Edit" button that pops up, this opens up the Fast Edit dialog.

The fast edit feature doesn't work well with non standard characters (non-ascii). If the user selects a string of text that contains non-ascii characters, sometimes they won't save. It is non-obvious to the user why this is happening. This issue occurs more frequently when editing content that is written in non-english languages, as fast-edit doesn't work well with non-ascii characters. We currently do a global replace on a couple of the more obvious quotation marks when the fast edit dialog attempts to save, but there are too many edge cases for foreign language content.

The solution
We can fix this issue by using a catch-all approach for non-ascii characters before the user clicks the edit button to bring up the fast edit dialog. Then we can fallback to the full composer to edit their text, which has much better support for non-ascii characters.

What does this regex do?
The regex used matches any character that is not within the ASCII range of 0x00 to 0x7F, which includes all control characters and non-ASCII characters.

This regex pattern can be used to match any character that is not a standard ASCII character, such as accented characters, non-Latin characters, and special symbols.
2023-05-10 12:38:28 +08:00
Sam bd32912c5e
FIX: do not allow title stuffing to dominate search (#21464)
We were giving topics with repeated words extra weight in search index.
This meant that it was trivial to stuff words into title to dominate in search
given we search for exact title matches first.

The following tweak means that:

`invite invited invites`
and
`invite some stuff`

Both rank the same for title searching.

Titles are short and punchy, duplicating words should not give special
weight.

Requires a full reindex to take effect.
2023-05-10 11:47:58 +10:00
Kris c6864f8f0f
DEV: add optional `displayName` parameter for `discourse-tag` (#21391) 2023-05-09 17:44:33 -04:00
Martin Brennan 7a1d60c60e
FIX: Likes received count in digest email (#21458)
This commit fixes an issue where the Likes Received notification
count in the user digest email was not affected by the
since/last_seen date for the user, which meant that no matter
how long it had been since the user visited the count was
always constant.

Now instead for the Likes Received count, we only count the
unread notifications of that type since the user was last
seen.
2023-05-09 19:19:26 +02:00