Commit Graph

2453 Commits

Author SHA1 Message Date
dependabot[bot] 7e992cb299
Build(deps): Bump ember-source in /app/assets/javascripts (#18859)
Bumps [ember-source](https://github.com/emberjs/ember.js) from 3.28.9 to 3.28.10.
- [Release notes](https://github.com/emberjs/ember.js/releases)
- [Changelog](https://github.com/emberjs/ember.js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/emberjs/ember.js/compare/v3.28.9...v3.28.10)

---
updated-dependencies:
- dependency-name: ember-source
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-03 11:36:08 +00:00
David Taylor 68b4fe4cf8
SECURITY: Expand and improve SSRF Protections (#18815)
See https://github.com/discourse/discourse/security/advisories/GHSA-rcc5-28r3-23rr

Co-authored-by: OsamaSayegh <asooomaasoooma90@gmail.com>
Co-authored-by: Daniel Waterworth <me@danielwaterworth.com>
2022-11-01 16:33:17 +00:00
Alan Guo Xiang Tan 1b56a55f50
DEV: Sidebar default tags and categories are determined at user creation (#18620)
The previous sidebar default tags and categories implementation did not
allow for a user to configure their sidebar to have no categories or
tags. This commit changes how the defaults are applied. When a user is being created,
we create the SidebarSectionLink records based on the `default_sidebar_categories` and
`default_sidebar_tags` site settings. SidebarSectionLink records are
only created for categories and tags which the user has visibility on at
the point of user creation.

With this change, we're also adding the ability for admins to apply
changes to the `default_sidebar_categories` and `default_sidebar_tags`
site settings historically when changing their site setting. When a new
category/tag has been added to the default, the new category/tag will be
added to the sidebar for all users if the admin elects to apply the changes historically.
Like wise when a tag/category is removed, the tag/category will be
removed from the sidebar for all users if the admin elects to apply the
changes historically.

Internal Ref: /t/73500
2022-10-27 06:38:50 +08:00
David Taylor 7e23662a44
DEV: Remove unneeded `templateOnly()` stubs (#18701)
Lone hbs files in the `/components` are automatically assumed to be template-only Glimmer components. The `templateOnly()` stub is only required when templates are in the `/templates/components` directory.
2022-10-21 15:12:53 +01:00
Jarek Radosz 8304f40f84
FIX: Correctly debounce various functions (#18673)
Debouncing inline anonymous functions does not work.

This fixes all instances of that error by extracting the function or using the new `@debounce(delay)` decorator
2022-10-20 13:28:09 +02:00
dependabot[bot] 2bbacb69a7
Build(deps): Bump ember-auto-import in /app/assets/javascripts (#18618)
Bumps [ember-auto-import](https://github.com/ef4/ember-auto-import/tree/HEAD/packages/ember-auto-import) from 2.4.2 to 2.4.3.
- [Release notes](https://github.com/ef4/ember-auto-import/releases)
- [Changelog](https://github.com/ef4/ember-auto-import/blob/main/packages/ember-auto-import/CHANGELOG.md)
- [Commits](https://github.com/ef4/ember-auto-import/commits/v2.4.3/packages/ember-auto-import)

---
updated-dependencies:
- dependency-name: ember-auto-import
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-16 23:57:28 +02:00
chapoi 7ed87979a2
UX: theme setting highlight update (#18607) 2022-10-15 15:29:37 -05:00
Roman Rizzi 2933baa0ce
A11Y: Signal the toggle header can reorder table elements. (#18597)
While navigating the table, indicate what the button does and if the user pressed it or not. Also, don't lose focus after reordering elements.
2022-10-14 13:28:20 -03:00
Jean 7718ef97cc
DEV: add plugin connectors to the admin user lists table (#18590) 2022-10-13 22:32:48 -04:00
David Taylor f3e956a7a3
FIX: Staff action log 'show details' links (#18542)
Followup to 03b7b7d1bc
2022-10-11 12:17:36 +01:00
chapoi 7009f9c95e
UX: correct colour to nav instead of danger (#18515) 2022-10-08 01:06:20 +02:00
Penar Musaraj a1d67122b1
DEV: Refactor the last few bootbox dialogs (#18416) 2022-10-07 11:38:27 -04:00
Dan Gebhardt 03b7b7d1bc
DEV: Remove usage of {{action}} modifiers - Take 2 (#18476)
This PR enables the [`no-action-modifiers`](https://github.com/ember-template-lint/ember-template-lint/blob/master/docs/rule/no-action-modifiers.md) template lint rule and removes all usages of the `{{action}}` modifier in core.

In general, instances of `{{action "x"}}` have been replaced with `{{on "click" (action "x")}}`. 

In many cases, such as for `a` elements, we also need to prevent default event handling to avoid unwanted side effects. While the `{{action}}` modifier internally calls `event.preventDefault()`, we need to handle these cases more explicitly. For this purpose, this PR also adds the [ember-event-helpers](https://github.com/buschtoens/ember-event-helpers) dependency so we can use the `prevent-default` handler. For instance:

```
<a href {{on "click" (prevent-default (action "x"))}}>Do X</a>
```

Note that `action` has not in general been refactored away as a helper yet. In general, all event handlers should be methods on the corresponding component and referenced directly (e.g. `{{on "click" this.doSomething}}`). However, the `action` helper is used extensively throughout the codebase and often references methods in the `actions` hash on controllers or routes. Thus this refactor will also be extensive and probably deserves a separate PR.

Note: This work was done to complement #17767 by minimizing the potential impact of the `action` modifier override, which uses private API and arguably should be replaced with an AST transform.

This is a followup to #18333, which had to be reverted because it did not account for the default treatment of modifier keys by the {{action}} modifier.

Commits:
* Enable `no-action-modifiers` template lint rule
* Replace {{action "x"}} with {{on "click" (action "x")}}
* Remove unnecessary action helper usage
* Remove ctl+click tests for user-menu
   These tests now break in Chrome when used with addEventListener. As per the comment, they can probably be safely removed.
* Prevent default event handlers to avoid unwanted side effects
   Uses `event.preventDefault()` in event handlers to prevent default event handling. This had been done automatically by the `action` modifier, but is not always desirable or necessary.
* Restore UserCardContents#showUser action to avoid regression
   By keeping the `showUser` action, we can avoid a breaking change for plugins that rely upon it, while not interfering with the `showUser` argument that's been passed.
* Revert EditCategoryTab#selectTab -> EditCategoryTab#select
   Avoid potential breaking change in themes / plugins
* Restore GroupCardContents#showGroup action to avoid regression
   By keeping the `showGroup` action, we can avoid a breaking change for plugins that rely upon it, while not interfering with the `showGroup` argument that's been passed.
* Restore SecondFactorAddTotp#showSecondFactorKey action to avoid regression
   By keeping the `showSecondFactorKey` action, we can avoid a breaking change for plugins that rely upon it, while not interfering with the `showSecondFactorKey` property that's maintained on the controller.
* Refactor away from `actions` hash in ChooseMessage component
* Modernize EmojiPicker#onCategorySelection usage
* Modernize SearchResultEntry#logClick usage
* Modernize Discovery::Categories#showInserted usage
* Modernize Preferences::Account#resendConfirmationEmail usage
* Modernize MultiSelect::SelectedCategory#onSelectedNameClick usage
* Favor fn over action in SelectedChoice component
* Modernize WizardStep event handlers
* Favor fn over action usage in buttons
* Restore Login#forgotPassword action to avoid possible regression
* Introduce modKeysPressed utility
   Returns an array of modifier keys that are pressed during a given `MouseEvent` or `KeyboardEvent`.
* Don't interfere with click events on links with `href` values when modifier keys are pressed
2022-10-05 13:08:54 +01:00
David Taylor 585c584fdb
Revert "DEV: Remove usage of `{{action}}` modifiers (#18333)" (#18469)
This reverts commit ba27ee1637.

We found some issues with handling of cmd/ctrl/shift + click on `<a` elements
2022-10-04 12:27:26 +01:00
Dan Gebhardt ba27ee1637
DEV: Remove usage of `{{action}}` modifiers (#18333)
This PR enables the [`no-action-modifiers`](https://github.com/ember-template-lint/ember-template-lint/blob/master/docs/rule/no-action-modifiers.md) template lint rule and removes all usages of the `{{action}}` modifier in core.

In general, instances of `{{action "x"}}` have been replaced with `{{on "click" (action "x")}}`. 

In many cases, such as for `a` elements, we also need to prevent default event handling to avoid unwanted side effects. While the `{{action}}` modifier internally calls `event.preventDefault()`, we need to handle these cases more explicitly. For this purpose, this PR also adds the [ember-event-helpers](https://github.com/buschtoens/ember-event-helpers) dependency so we can use the `prevent-default` handler. For instance:

```
<a href {{on "click" (prevent-default (action "x"))}}>Do X</a>
```

Note that `action` has not in general been refactored away as a helper yet. In general, all event handlers should be methods on the corresponding component and referenced directly (e.g. `{{on "click" this.doSomething}}`). However, the `action` helper is used extensively throughout the codebase and often references methods in the `actions` hash on controllers or routes. Thus this refactor will also be extensive and probably deserves a separate PR.

Note: This work was done to complement #17767 by minimizing the potential impact of the `action` modifier override, which uses private API and arguably should be replaced with an AST transform.

Commits:
* Enable `no-action-modifiers` template lint rule
* Replace {{action "x"}} with {{on "click" (action "x")}}
* Remove unnecessary action helper usage
* Remove ctl+click tests for user-menu
   These tests now break in Chrome when used with addEventListener. As per the comment, they can probably be safely removed.
* Prevent default event handlers to avoid unwanted side effects
   Uses `event.preventDefault()` in event handlers to prevent default event handling. This had been done automatically by the `action` modifier, but is not always desirable or necessary.
* Restore UserCardContents#showUser action to avoid regression
   By keeping the `showUser` action, we can avoid a breaking change for plugins that rely upon it, while not interfering with the `showUser` argument that's been passed.
* Revert EditCategoryTab#selectTab -> EditCategoryTab#select
   Avoid potential breaking change in themes / plugins
* Restore GroupCardContents#showGroup action to avoid regression
   By keeping the `showGroup` action, we can avoid a breaking change for plugins that rely upon it, while not interfering with the `showGroup` argument that's been passed.
* Restore SecondFactorAddTotp#showSecondFactorKey action to avoid regression
   By keeping the `showSecondFactorKey` action, we can avoid a breaking change for plugins that rely upon it, while not interfering with the `showSecondFactorKey` property that's maintained on the controller.
* Refactor away from `actions` hash in ChooseMessage component
* Modernize EmojiPicker#onCategorySelection usage
* Modernize SearchResultEntry#logClick usage
* Modernize Discovery::Categories#showInserted usage
* Modernize Preferences::Account#resendConfirmationEmail usage
* Modernize MultiSelect::SelectedCategory#onSelectedNameClick usage
* Favor fn over action in SelectedChoice component
* Modernize WizardStep event handlers
* Favor fn over action usage in buttons
* Restore Login#forgotPassword action to avoid possible regression
2022-10-04 10:42:46 +02:00
Penar Musaraj cc4af80c7d
DEV: refactor bootbox alerts (#18292) 2022-09-27 14:47:13 -04:00
Bianca Nenciu b81afa0756
FIX: Update user results page when no users found (#18363)
The page was not updated if the server did not return any results. This
caused the page to be either empty or display the previous result set.
2022-09-26 16:37:56 +03:00
Penar Musaraj 86ecb6c58b
DEV: update yes/no confirmation dialogs (#18181) 2022-09-14 11:06:56 -04:00
dependabot[bot] 327ca5b839
Build(deps): Bump webpack in /app/assets/javascripts (#18214)
Bumps [webpack](https://github.com/webpack/webpack) from 5.73.0 to 5.74.0.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v5.73.0...v5.74.0)

---
updated-dependencies:
- dependency-name: webpack
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-11 22:35:55 +02:00
dependabot[bot] 725b585a43
Build(deps): Bump ember-cli-htmlbars in /app/assets/javascripts (#18212) 2022-09-11 14:53:34 +02:00
dependabot[bot] 83b147aab2
Build(deps): Bump xss from 1.0.13 to 1.0.14 in /app/assets/javascripts (#18191)
Bumps [xss](https://github.com/leizongmin/js-xss) from 1.0.13 to 1.0.14.
- [Release notes](https://github.com/leizongmin/js-xss/releases)
- [Changelog](https://github.com/leizongmin/js-xss/blob/master/CHANGELOG.md)
- [Commits](https://github.com/leizongmin/js-xss/compare/v1.0.13...v1.0.14)

---
updated-dependencies:
- dependency-name: xss
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-11 11:58:16 +02:00
Penar Musaraj 7547878cde
FIX: Regression with admin user delete dialog buttons (#18179)
This also adds a test to prevent regressions and refactors the very similar delete dialog in the user summary screen.
2022-09-05 09:31:17 +02:00
Bianca Nenciu 19ed9dd183
FIX: Keep private theme key secret from user (#18106)
The generate RSA key and import theme routes worked separate from each
other. The RSA key returned both the public and private key and it was
the frontend which posted the private key back to the server. With this
commit, only the public key is necessary as the server keeps a map of
public and private keys that is used to get the private key back from
a public key.
2022-09-01 13:15:23 +03:00
David Taylor 240669da3a FIX: Immediately show sql options when badge query is supplied
`buffered` and `model` are EmberObjects, so we need to call `get()` when accessing values to ensure they are autotracked
2022-09-01 09:59:14 +01:00
Bianca Nenciu daa3f96d54
FIX: Allow .git end to miss from Git repo URL (#18092)
When installing private themes and theme components, the public key does
not show until the administrator types a valid Git repo URL. The regular
expression that checked the URL was too strict and it required the URL
to end with ".git".
2022-08-30 22:05:43 +03:00
Penar Musaraj 4116bce902
DEV: Add A11Y-friendly dialog addon (#18028)
This adds a new framework for accessible dialogs that will eventually replace bootbox. Under the hood, it uses the a11y-dialog package and an in-repo Ember addon. See PR for usage details.
2022-08-29 13:59:57 -04:00
Gerhard Schlager ec93bca99e
UX: Remove confusing fallback locale warning (#18096) 2022-08-26 01:22:04 +02:00
Penar Musaraj b930f4886a
UX: Add flat text button styles and use in date/time cancel modal (#17892)
Also fixes an A11Y issue with the date/time cancel button.
2022-08-15 15:06:03 -04:00
David Taylor 6cac35ca29 DEV: Update JS class sorting to match new lint rule 2022-08-15 09:28:31 +01:00
David Taylor e4fbb3be21
DEV: Update composer-fullscreen-prompt to template-only component (#17871)
1. Replace `{{did-insert` with the builtin `{{on` modifier
2. Move the i18n call into the template

With both of those changes, there is no logic left in the backing class, so we can switch to `templateOnly()` which is significantly faster. (granted, not a big deal for a component like this, but it makes for a good demonstration)
2022-08-12 10:43:38 +08:00
Joe c85921a548
FEATURE: Adds full screen composer submit button and prompt (#17839)
Context: https://meta.discourse.org/t/still-display-the-reply-create-topic-button-when-using-full-screen-composition/123597/6?u=johani

Right now, we don't show the submit buttons when you enter the full-screen composer. The reasons for that are described in the context link above.

This PR adds the improvements highlighted here: https://meta.discourse.org/t/still-display-the-reply-create-topic-button-when-using-full-screen-composition/123597/12?u=johani

Here's a list of the changes this PR introduces:

1. When you enter full-screen mode, we will now add a prompt that matches the browser fullscreen <kbd>F11</kbd> function. It looks like so

    <img width="500" src="https://user-images.githubusercontent.com/33972521/183529813-71a20167-a661-466c-b9ef-c4d34e231000.png">
    
    The prompt fades away after a couple of seconds.
    
2. This PR adds the submit buttons to the full-screen composer mode. The submit buttons should work like normal if the post has no errors. If the post has errors (title too short, body too short, required categories/tags), then the button will make the composer exit the full-screen mode so that users will see the errors and fix them. The error logic is based on what we currently have; this PR doesn't add any new validation. Here's a video of what that looks like:

    https://meta.discourse.org/t/-/127948/14?u=johani
2022-08-11 14:38:56 +08:00
Bianca Nenciu e029a9b36c
FEATURE: Allow private themes to be partially installed (#17644)
A public key must be added to GitHub when installing private themes.
When the process happens asynchronously (for example if the admin does
not have admin permissions to the GitHub repository), installing
private themes becomes very difficult.

In this case, the Discourse admin can partially install the theme by
letting Discourse save the private key, create a placeholder theme and
give the admin a public key to be used as a deploy key. After the key
is installed, the admin can finish theme installation by pressing a
button on the theme page.
2022-08-10 13:30:18 +03:00
Loïc Guitaut 5c37a5d0f2
FIX: Allow to add the same watched word with a different case (#17799)
Currently we can’t add a case-sensitive watched word if another one
exists with a different case. For example, the existing watched word
`Meta` has been created and is case-sensitive. Now an admin tries to add
`metA` while marking it as case-sensitive too, this won’t work and the
word won’t be added.

This patch changes this behavior by allowing to add same words that have
different cases, so the example above will now work as expected.

We still check for uniqueness but case-sensitivy is now taken
into account. It means that if the watched word `meta` already exists
and is not case-sensitive then it will not be possible to add `Meta`
(case-sensitive or not) as `meta` already matches every possible
variations of this word.
2022-08-05 12:18:17 +02:00
Peter Wagenet d0cbc61619
DEV: Add jsconfig (#17800)
This enables intelligent IDE features like "Go To Reference" to function correctly within the Discourse core codebase
2022-08-04 22:50:47 +01:00
Peter Wagenet 40cb46631f
DEV: Update `/admin/badges` to modern Ember patterns (#17672)
* Nest admin badges controller and route files

* Use standard file names for admin-badges

* Update resolver to allow standardized file structure for admin

* Add adminBadges.index controller for property tracking

* Modernize admin badges controller

* Modernize admin-badges route

* Add admin-badges index route

* Modernize admin-badges.show controller and route

* Modernize admin-badges.award controller and route

* Convert BadgeButton to a Glimmer component
2022-08-03 10:12:17 +01:00
Martin Brennan d2ddb140dd
FEATURE: Show SMTP response on admin email sent list and rearrange columns (#17143)
Follow up to 4d3c1ceb44, this commit
shows the SMTP response in the admin email sent list and also moves the
topic/post link into a new column. Reply key is now in its own column.
2022-08-03 08:11:54 +10:00
Selase Krakani 862007fb18
FEATURE: Add support for case-sensitive Watched Words (#17445)
* FEATURE: Add case-sensitivity flag to watched_words

Currently, all watched words are matched case-insensitively. This flag
allows a watched word to be flagged for case-sensitive matching.
To allow allow for backwards compatibility the flag is set to false by
default.

* FEATURE: Support case-sensitive creation of Watched Words via API

Extend admin creation and upload of Watched Words to support case
sensitive flag. This lays the ground work for supporting
case-insensitive matching of Watched Words.

Support for an extra column has also been introduced for the Watched
Words upload CSV file. The new column structure is as follows:

 word,replacement,case_sentive

* FEATURE: Enable case-sensitive matching of Watched Words

WordWatcher's word_matcher_regexp now returns a list of regular
expressions instead of one case-insensitive regular expression.

With the ability to flag a Watched Word as case-sensitive, an action
can have words of both sensitivities.This makes the use of the global
Regexp::IGNORECASE flag added to all words problematic.

To get around platform limitations around the use of subexpression level
switches/flags, a list of regular expressions is returned instead, one for each
case sensitivity.

Word matching has also been updated to use this list of regular expressions
instead of one.

* FEATURE: Use case-sensitive regular expressions for Watched Words

Update Watched Words regular expressions matching and processing to handle
the extra metadata which comes along with the introduction of
case-sensitive Watched Words.

This allows case-sensitive Watched Words to matched as such.

* DEV: Simplify type casting of case-sensitive flag from uploads

Use builtin semantics instead of a custom method for converting
string case flags in uploaded Watched Words to boolean.

* UX: Add case-sensitivity details to Admin Watched Words UI

Update Watched Word form to include a toggle for case-sensitivity.
This also adds support for, case-sensitive testing and matching of  Watched Word
in the admin UI.

* DEV: Code improvements from review feedback

 - Extract watched word regex creation out to a utility function
 - Make JS array presence check more explicit and readable

* DEV: Extract Watched Word regex creation to utility function

Clean-up work from review feedback. Reduce code duplication.

* DEV: Rename word_matcher_regexp to word_matcher_regexp_list

Since a list is returned now instead of a single regular expression,
change `word_matcher_regexp` to `word_matcher_regexp_list` to better communicate
this change.

* DEV:  Incorporate WordWatcher updates from upstream

Resolve conflicts and ensure apply_to_text does not remove non-word characters in matches
that aren't at the beginning of the line.
2022-08-02 10:06:03 +02:00
Bianca Nenciu 171789f47a
FIX: Make sure user list is complete and sorted (#17616)
Sometimes the user list was incomplete when multiple requests were
created to fetch next pages. If the responses did not arrive in the
same order as the requests then only the last response was parsed.

This is a follow up commit to a0f4c7fe88.
2022-07-26 17:54:52 +03:00
Jarek Radosz ff16ba1fc0
DEV: Update `@embroider/test-setup` (#17625) 2022-07-24 17:29:21 +02:00
David Taylor 13bc2f1f39 DEV: Upgrade to Ember 3.28 2022-07-19 10:00:59 +01:00
Jarek Radosz 9028df0fda
DEV: Use `includes()` instead of `indexOf() >= 0` (#17553)
Missed those cases in #17541
2022-07-19 10:27:40 +08:00
Jarek Radosz 0db6ae1e1f
DEV: Fix typos and other spell-checker warnings (#17554) 2022-07-19 10:27:10 +08:00
Jarek Radosz 057d6b406d
DEV: Extensively use `includes()` (#17541)
Also, the change in insert-hyperlink (from `this.linkUrl.indexOf("http") === -1` to `!this.linkUrl.startsWith("http")`) was intentional fix: we don't want to prevent users from looking up topics with http in their titles.
2022-07-17 20:48:36 +02:00
Jarek Radosz 5538b8442e
DEV: Introduce `discourseLater` (#17532)
A wrapper for `later()` from `@ember/runloop`, similar to `discourseDebounce`. It automatically reduces the delay in testing environment.
2022-07-17 00:50:49 +02:00
chapoi ddd9d9b620
UX: remove .btn-default from admin btn (#17515) 2022-07-15 22:09:48 +02:00
Jarek Radosz ad2c0aaee3
DEV: Fix submit-on-enter and de-jQ two components (#17484) 2022-07-14 08:59:33 +08:00
Jarek Radosz 365f558bda
DEV: Update `ember-resolver` (#17432) 2022-07-11 22:52:01 +02:00
Jarek Radosz 006de01943
DEV: Update `ember-cli-handlebars` (#17429) 2022-07-11 22:25:40 +02:00
Jarek Radosz 20851f7240
FIX: Inputs using focusout regressed in #17345 (#17389) 2022-07-08 13:00:33 +02:00
David Taylor fc36ac6cde
DEV: Modernize Ember Resolver (#17353)
This switches us to use the modern ember resolver package, and re-implements a number of our custom resolution rules within it. The legacy resolver remains for now, and is used as a fallback if the modern resolver is unable to resolve a package. When this happens, a warning will be printed to the console.

Co-authored-by: Peter Wagenet <peter.wagenet@gmail.com>
2022-07-06 14:20:00 +01:00
David Taylor fb31ae04a7
FIX: Ensure there is no limit on tag list settings (#17355)
`maximum=null` is not a supported configuration option. Instead, we need to pass the `@unlimitedTagCount` attribute
2022-07-06 12:23:23 +01:00
Jarek Radosz c3fd91670e
DEV: Update linting setup and fix issues (#17345)
Re-lands #16119 and #17298

* Update eslint-config-discourse
* Update linting workflow
* Prettier-ignore stuff
* Update template-lint config
* Auto-fix template issues
* Fix various template issues
  Mostly incorrect attributes and unused templates
* Prettier js files
* Fix template auto-fix regressions
* Small css tweak

Co-authored-by: Peter Wagenet <peter.wagenet@gmail.com>
2022-07-06 10:37:54 +02:00
Peter Wagenet 371bbadb92
No implicit this codemod (#17235)
* Run no-implicit-this codemod for app templates
* Run tagless-ember-components-codemod for plugins
* Turn on no-implicit-this lint
2022-07-05 19:41:31 +02:00
David Taylor 2a7fb4bf3a
FIX: Correct error in ip-lookup component definition (#17339)
7caaee2 introduced a duplicate definition of the component JS. This likely happened because we had the template defined under `javascripts/discourse`, and the component JS defined under `javascript/admin`. This commit removes the duplicate definition, and moves the template to the admin addon
2022-07-05 15:13:50 +01:00
David Taylor c011dd7b43 DEV: Remove last few curly-component invocations 2022-07-04 17:25:42 +01:00
Jarek Radosz a0a7b3f9c4
FIX: Correctly display `/admin/emails` errors (#17321)
Also removed unused codepath in `admin-badges-show`.
2022-07-04 16:03:53 +02:00
Peter Wagenet 7caaee27cc
DEV: Generate template backing classes for app (#17300)
```sh
npx ember-holy-futuristic-template-namespacing-batman-codemod ensure-template-only-has-backing-class
```

We would like to colocate templates but, when no backing class exists, colocated templates extend `templateOnly` instead of `Ember.Component`. Generating the backing class helps avoid any behavioral changes.

We can also run the `tagless-ember-components-codemod` to put the tags into the templates at which point we could convert these back to template-only components.
2022-07-04 01:27:29 +02:00
Jarek Radosz 16ea7ab248
DEV: Run angle-brackets codemod (#17286)
Co-authored-by: Peter Wagenet <peter.wagenet@gmail.com>
2022-06-30 12:30:50 +02:00
Jarek Radosz 39a025c7af
DEV: Allow newer versions of node (#17261)
It should now properly work with 18.x, so we should start moving into direction of it being the default.
2022-06-28 20:52:31 +02:00
Jarek Radosz 4821d44c3c
DEV: Update `webpack` (#17262) 2022-06-28 14:39:09 +02:00
Jarek Radosz f505221a9c
DEV: Update `ember-cli-terser` (#17252) 2022-06-27 18:13:46 +02:00
Jarek Radosz d1d6868325
DEV: Update xss.js (#17216)
* DEV: Update xss.js

* Fix our hack
2022-06-24 10:28:05 +08:00
Jarek Radosz f27dddd405
DEV: Make addons buildable on their own (#17205) 2022-06-23 22:19:54 +02:00
Jarek Radosz 16550537d0
DEV: Drop ember-maybe-import-regenerator (#17195)
I believe it's no longer needed on the browsers we support
2022-06-23 15:20:10 +02:00
Jarek Radosz 3cb67fcb6c
DEV: Update ember-cli-htmlbars (#17194) 2022-06-23 14:36:50 +02:00
Jarek Radosz 56d3bd5bdd
DEV: Update `@glimmer/component` (#17197) 2022-06-23 13:35:42 +02:00
Jarek Radosz b09cce6897
DEV: Update ember-source-channel-url (#17196) 2022-06-22 00:12:43 +02:00
Jarek Radosz 06feeed187
DEV: Update `@ember/optional-features` (#17193) 2022-06-22 00:12:33 +02:00
Jarek Radosz 216663effa
DEV: Update ember-cli-dependency-checker (#17192) 2022-06-22 00:12:24 +02:00
Jarek Radosz b50056a9f3
DEV: Update ember-cli-inject-live-reload (#17191) 2022-06-22 00:12:15 +02:00
Jarek Radosz 9cb9d1105e
DEV: Update ember-auto-import (#17176) 2022-06-21 22:06:41 +02:00
Jarek Radosz 36c2284dea
DEV: Fix typos "formated" -> "formatted" (#17156)
(nothing in all-the* relies on these)
2022-06-20 20:02:05 +02:00
Osama Sayegh 5176c689e9
UX: Change wording for 'regular' categories to 'normal' (#17134)
At some point in the past we decided to rename the 'regular' notification state of topics/categories to 'normal'. However, some UI copy was missed when the initial renaming was done so this commit changes the spots that were missed to the new name.
2022-06-20 06:49:33 +03:00
Isaac Janzen 6ad5db80de
DEV: Remove use of run-loop-dot-access (#17114)
Context: https://deprecations.emberjs.com/v3.x/#toc_deprecated-run-loop-and-computed-dot-access
2022-06-17 11:19:14 -05:00
Loïc Guitaut 1166db12b4
FIX: Make watched words uploads work as intended (#17097)
* FIX: Make watched words uploads work as intended

Currently when we upload a file containing watched words, it will always
add the words to the action that was initially selected: this is the
`block` action by default but if changing manually the action in the URL
to `flag` for example, then this action will be selected and uploaded
watched words will be categorised as `flag` no matter what.

The problem lies with how the component works: it’s an Uppy object where
extra data is defined to provide an action key to the server but when
navigating to another listed action, while this action key is properly
updated on the component itself, the underlying Uppy object has already
been created and doesn’t care about the new value.

This patch solves this by using the `_perFileData` method instead of
`data`: the former is merged just before uploading a file whereas the
latter is used when the Uppy object is created.
2022-06-17 11:07:58 +02:00
tshenry 7fc11327b7
COPY: Use main instead of master for theme installation modal (#17044)
GitHub now uses main as the default branch so it makes sense to update the placeholder in the theme installation modal to use main instead of master.
2022-06-08 11:32:54 -07:00
Martin Brennan f94682e2c4
FIX: Do not use SVGs for twitter:image metadata (#16973)
Twitter does not allow SVGs to be used for twitter:image
metadata (see https://developer.twitter.com/en/docs/twitter-for-websites/cards/overview/markup)
so we should fall back to the site logo if the image option
provided to `crawlable_meta_data` or SiteSetting.site_twitter_summary_large_image_url
is an SVG, and do not add the meta tag for twitter:image at all
if the site logo is an SVG.
2022-06-03 09:02:57 +10:00
Isaac Janzen f5e4df1b0e
DEV: Remove jquery from themes list (#16980) 2022-06-02 16:01:24 -05:00
Isaac Janzen 85ceafb4dc
DEV: Remove 'htmlSafe' string prototype extensions (#16766)
Context: https://deprecations.emberjs.com/v3.x/#toc_ember-string-prototype_extensions
2022-05-13 14:58:26 -05:00
Isaac Janzen aa95a3d654
DEV: Remove 'dasherize' string prototype extensions (#16740)
Context: https://deprecations.emberjs.com/v3.x/#toc_ember-string-prototype_extensions
2022-05-13 10:56:23 -05:00
Isaac Janzen 47d64b7a08
DEV: Remove last instance of {{with}} helper (#16651) 2022-05-05 06:16:34 -05:00
Jarek Radosz d58a1e180d
DEV: Update ember-try to 2.0.0 (#16606) 2022-05-03 11:04:16 -04:00
Jarek Radosz 8cb33cee48
DEV: Fix typo in customize-robots-txt (#16599) 2022-05-02 22:54:05 +02:00
Andrei Prigorshnev c9b2374299
DEV: make API of future-date-input more customizable and aligned with the API of time-shortcut-picker (#16502) 2022-04-27 16:41:15 +04:00
Joffrey JAFFEUX 3e23bd4745
FIX: prepare data before creating chart to avoid side effect (#16570)
Before this change, we were using the labels from the original chartData to the chart builder, and we would then apply our collapse function on each dataset which could change the labels and cause a mismatch.

This was very visible when using quarterly periods on consolidated pageviews.
2022-04-27 14:04:09 +02:00
Joffrey JAFFEUX 3daa45deaf
FIX: replaces discourseComputed by computed (#16530)
This was causing unexpected behaviors on production builds. And also on firefox on local environnement, however the issues was slightly different.

- production chrome: colors don't load
- dev firefox: colors don't change when selecting a different color set
2022-04-21 21:56:08 +02:00
Joffrey JAFFEUX 9e2303427c
REFACTOR: admin-customize-colors-show (#16525)
- native class
- drops jquery
- @action
- uses clipboardCopy
- filterBy
2022-04-21 09:50:23 +02:00
Joffrey JAFFEUX 01727da9b0
REFACTOR: admin-user-field-item (#16499)
- drops jquery
- removes a deprecation caused by overriding a computed property (isEditing)
- adds basic tests
- drops observers
- uses @action
- tagless
2022-04-19 13:31:43 +02:00
awesomerobot be4699fc28 add classes to danger buttons on user admin 2022-04-12 09:09:04 +08:00
Jarek Radosz 14778ba52e
DEV: Fix select-kit deprecations (#15080) 2022-04-05 19:01:09 +02:00
CommanderRoot 86a783b3ad
DEV: Replace deprecated String.prototype.substr() (#16233)
String.prototype.substr() is deprecated so we replace it with String.prototype.slice() which works similarily but isn't deprecated.

Signed-off-by: Tobias Speicher <rootcommander@gmail.com>
Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2022-04-01 17:35:17 +02:00
Osama Sayegh e7c16bc49a
DEV: Remove grant admin 2FA modal (#16347)
The `grant-admin-second-factor` modal is no longer being used since dd6ec65061.
2022-03-31 19:01:11 +03:00
Penar Musaraj e5bf704c7b
UX: Add details button to admin bounced/rejected lists (#16343) 2022-03-31 11:14:11 -04:00
Mark VanLandingham a0f4c7fe88
FIX: remove racing requests for admin users (#15936) 2022-03-16 08:47:48 -05:00
Bianca Nenciu 4fe99e39c3
FEATURE: Add new site setting list type with name and values (#16045)
These changes include a bug fix because allow_any attribute of site
settings was completely ignored before.
2022-03-08 13:18:43 +02:00
Bianca Nenciu 953d36b788
FIX: Allow none category if default is none (#15995)
Even if the site setting's default value is none by default, it did not
allow admins to select it again after it was changed.
2022-02-21 18:15:55 +02:00
Osama Sayegh dd6ec65061
FEATURE: Centralized 2FA page (#15377)
2FA support in Discourse was added and grown gradually over the years: we first
added support for TOTP for logins, then we implemented backup codes, and last
but not least, security keys. 2FA usage was initially limited to logging in,
but it has been expanded and we now require 2FA for risky actions such as
adding a new admin to the site.

As a result of this gradual growth of the 2FA system, technical debt has
accumulated to the point where it has become difficult to require 2FA for more
actions. We now have 5 different 2FA UI implementations and each one has to
support all 3 2FA methods (TOTP, backup codes, and security keys) which makes
it difficult to maintain a consistent UX for these different implementations.
Moreover, there is a lot of repeated logic in the server-side code behind these
5 UI implementations which hinders maintainability even more.

This commit is the first step towards repaying the technical debt: it builds a
system that centralizes as much as possible of the 2FA server-side logic and
UI. The 2 main components of this system are:

1. A dedicated page for 2FA with support for all 3 methods.
2. A reusable server-side class that centralizes the 2FA logic (the
`SecondFactor::AuthManager` class).

From a top-level view, the 2FA flow in this new system looks like this:

1. User initiates an action that requires 2FA;

2. Server is aware that 2FA is required for this action, so it redirects the
user to the 2FA page if the user has a 2FA method, otherwise the action is
performed.

3. User submits the 2FA form on the page;

4. Server validates the 2FA and if it's successful, the action is performed and
the user is redirected to the previous page.

A more technically-detailed explanation/documentation of the new system is
available as a comment at the top of the `lib/second_factor/auth_manager.rb`
file. Please note that the details are not set in stone and will likely change
in the future, so please don't use the system in your plugins yet.

Since this is a new system that needs to be tested, we've decided to migrate
only the 2FA for adding a new admin to the new system at this time (in this
commit). Our plan is to gradually migrate the remaining 2FA implementations to
the new system.

For screenshots of the 2FA page, see PR #15377 on GitHub.
2022-02-17 12:12:59 +03:00
David Taylor a01b1dd648
PERF: Update ember-auto-import and webpack (#15919)
This makes a small improvement to 'cold cache' ember-cli build times, and a large improvement to 'warm cache' build times

The ember-auto-import update means that vendor is now split into multiple files for efficiency. These are named `chunk.*`, and should be included immediately after the `vendor.js` file. This commit also updates the rails app to render script tags for these chunks.

This change was previously merged, and caused memory-related errors on RAM-constrained machines. This was because Webpack 5 switches from multiple worker processes to a single multi-threaded process. This meant that it was hitting node's default heap size limit (~500mb on a 1GB RAM server). Discourse's standard install procedure recommends adding 2GB swap to 1GB-RAM machines, so we can afford to override's Node's default via the `--max-old-space-size` flag.
2022-02-14 11:21:39 +00:00
Vinoth Kannan 1f30bacb65
FIX: use `prev_period` data if `prev30Days` value is not available. (#15867)
Previously, reports of likes and flags doesn't include the 30 days trend icon and title.
2022-02-09 22:09:33 +05:30
Martin Brennan c1ad9c3276
DEV: Make clipboardCopy util available for import (#15874)
We need this in other places, this commit moves clipboardCopy
to the utilities.js lib. Had to remove use of Promise as well because
lib/utilities cannot import it, otherwise it will cause a mini racer error.
2022-02-09 16:11:41 +10:00
David Taylor 4cceb55621
Revert "PERF: Update ember-auto-import (#15814)" (#15854)
This reverts commit f4c6a61855 and a8325c9016

This update of ember-auto-import and webpack causes significantly higher memory use during rebuilds. This made ember-cli totally unusable on 1GB RAM / 2GB swap environments. We don't have a specific need for this upgrade right now, so reverting for now.
2022-02-07 22:41:07 +00:00
David Taylor f4c6a61855
PERF: Update ember-auto-import (#15814)
This makes a small improvement to 'cold cache' ember-cli build times, and a large improvement to 'warm cache' build times

The ember-auto-import update means that vendor is now split into multiple files for efficiency. These are named `chunk.*`, and should be included immediately after the `vendor.js` file. This commit also updates the rails app to render script tags for these chunks
2022-02-04 11:00:51 +00:00
Keegan George 1485dab12e
FEATURE: Ability to re-order value lists (#15775)
Adds up and down buttons next to the inputs of value lists when there is more than 1 item present. This helps to re-order the items in the value lists if necessary.
2022-02-03 22:47:02 +01:00
David Taylor c985f82174
Revert "PERF: Update ember-auto-import (#15695)" (#15805)
This reverts commit 76022132f7. This update introduced 'chunking' of vendored dependencies, which we don't support in the rails app.
2022-02-03 16:54:48 +00:00
David Taylor 76022132f7
PERF: Update ember-auto-import (#15695)
This makes a small improvement to 'cold cache' ember-cli build times, and a large improvement to 'warm cache' build times
2022-02-03 10:01:59 +00:00
Penar Musaraj 7d5d2bf13e
A11Y: Use `autocomplete=off` more widely (#15780) 2022-02-03 16:16:49 +11:00
Natalie Tay 23a8341b28
FEATURE: Validate domain settings for blocked_onebox_domain only (#15754)
We want to prevent the user from adding ? or * minimally
when setting domains in sitesettings
2022-02-03 11:26:53 +08:00
Jarek Radosz 7806857841
UX: Highlight "Users" link when on adminUser path (#15739) 2022-02-01 21:32:48 +01:00
Rafael dos Santos Silva 3f694e4ab5
FEATURE: Use native color-picker (#15748) 2022-02-01 11:18:13 -03:00
Martin Brennan 35343e7f91
FIX: Improve emoji upload UI (#15603)
This commit adds a hover effect for drag and drop in
the admin emoji uploader. It also changes the "Add New
Emoji" button to open the file selector; previously it
was useless because it was disabled unless a name was
entered (which is not even a requirement for the emoji)
and also it didn't actually do anything on click even
if it wasn't disabled.

Now we have a way of adding files without having to drag
and drop them, which is nice.

Also in this PR, there was no indication before that the upload was
complete apart from the button becoming enabled again.
This commit adds the highlight class to the emoji list
and removes it once the highlight fade animation is done,
like we do for new posts.
2022-01-17 11:48:49 +10:00
Bianca Nenciu 5d35c38db2
FEATURE: Search screened IP address in blocks (#15461)
An admin could search for all screened ip addresses in a block by
using wildcards. 192.168.* returned all IPs in range 192.168.0.0/16.
This feature allows admins to search for a single IP address in all
screened IP blocks. 192.168.0.1 returns all IP blocks that match it,
for example 192.168.0.0/16.

* FEATURE: Remove roll up button for screened IPs

* FIX: Match more specific screened IP address first
2022-01-11 09:16:51 +02:00
David Taylor c1f74cd92a
DEV: Update default tagName and connectorTagName for plugin outlets (#13685)
This commit should be a no-op for all existing core outlets. Outlets which are introduced by themes/plugins may see a change in behavior, and should follow the steps below if they want to maintain their previous behavior.

`tagName="" connectorTagName=""` is almost always the correct choice for plugin outlets. 40eba8cd introduced a `noTags=true` shortcut which achieved this, and left a comment saying it should be the future default. This commit does exactly that. To avoid any breaking changes for plugins, all existing plugin outlets have been reviewed and adjusted by following this logic:

1) If `noTags=true`, remove the `noTags` parameter, and do not complete any further steps
2) If `tagName` is not specified, set `tagName="span"` (the previous default)
3) If `connectorTagName` is not specified, set `selectorTagName="div"` (the previous default)
4) If `tagName=""`, remove it
5) If `connectorTagName=""`, remove it

The updates were accomplished with the help of a ruby script:

```ruby
def removeAttr(tag, attribute)
  tag = tag.sub /\s#{attribute}="?\w*"? /, " "
  tag = tag.sub /\s#{attribute}="?\w*"?}}/, "}}"
  tag = tag.sub /^\s*#{attribute}="?\w*"?\n/, ""
  tag
end

files = Dir.glob("app/assets/javascripts/**/*.hbs")

puts "Checking #{files.count} files..."
files.each do |f|
  content = File.read(f)

  count = 0
  edits = 0
  content.gsub!(/{{\s*plugin-outlet.*?}}/m) do |match|
    count += 1

    result = match

    noTags = result.include?("noTags=true")
    tagName = result[/tagName="(\w*)"/, 1]
    connectorTagName = result[/connectorTagName="(\w*)"/, 1]

    if noTags
      result = removeAttr(result, "noTags")
    else
      if connectorTagName == ""
        result = removeAttr(result, "connectorTagName")
      elsif connectorTagName.nil?
        result = result.sub(/name="[\w-]+"/) { |m| "#{m} connectorTagName=\"div\"" }
      end

      if tagName == ""
        result = removeAttr(result, "tagName")
      elsif tagName.nil?
        result = result.sub(/name="[\w-]+"/) { |m| "#{m} tagName=\"span\"" }
      end
    end

    edits += 1 if match != result

    result
  end

  puts "#{count} outlets, #{edits} edited -> #{f}"

  File.write(f, content)
end
```
2022-01-06 20:38:17 +00:00
Martin Brennan ed83d7573e
FIX: Tone down admin dashboard critical problem messaging (#15442)
Keep the title the same as it used to be and only
show the exclamation icon on the critical problems in
the list.
2022-01-04 13:00:58 +10:00
Martin Brennan 20fe5eceb8
FEATURE: Scheduled group email credential problem check (#15396)
This commit adds a check that runs regularly as per
2d68e5d942 which tests the
credentials of groups with SMTP or IMAP enabled. If any issues
are found with those credentials a high priority problem is added to the
admin dashboard.

This commit also formats the admin dashboard differently if
there are high priority problems, bringing them to the top of
the list and highlighting them.

The problem will be cleared if the issue is fixed before the next
problem check, or if the group's settings are updated with a valid
credential.
2022-01-04 10:14:33 +10:00
Penar Musaraj 108c8302fb
FEATURE: Automatic admin editor dark mode (#15419) 2021-12-29 11:02:37 -05:00
Martin Brennan d330a5447d
DEV: Remove old backup uploader and resumable.js (#15365)
Now that d5e380e5c1 has been
committed there is nothing in the codebase that uses either
resumable.js or the old backup-uploader component.

R.I.P resumable.js
2021-12-21 15:02:10 +10:00
Martin Brennan d5e380e5c1
DEV: Promote uppy backup uploader to primary uploader (#15363)
This commit removes the enable_experimental_backup_uploader site
setting and the flags in backups-index.hbs to make the uppy
backup uploader the main one from now on.

A follow-up commit will delete the old backup uploader code and
also remove resumable.js from the project.
2021-12-20 13:39:35 +10:00
Martin Brennan 2d68e5d942
FEATURE: Scheduled problem checks for admin dashboard (#15327)
This commit introduces scheduled problem checks for the admin dashboard, which are long running or otherwise cumbersome problem checks that will be run every 10 minutes rather than every time the dashboard is loaded. If these scheduled checks add a problem, the problem will remain until it is cleared or until the scheduled job runs again.

An example of a check that should be scheduled is validating credentials against an external provider.

This commit also introduces the concept of a `priority` to the problems generated by `AdminDashboardData` and the scheduled checks. This is `low` by default, and can be set to `high`, but this commit does not change any part of the UI with this information, only adds a CSS class.

I will be making a follow up PR to check group SMTP credentials.
2021-12-20 09:59:11 +10:00
Penar Musaraj 4ee5d52ac9
DEV: Remove jQuery autoellipsis dependency (#15336) 2021-12-17 11:45:12 -05:00
Bianca Nenciu ce7c821aa9
UX: Extend user hyperlink in staff action logs (#15293)
The avatar hyperlink redirected to admin user page and the username
hyperlink applied a filter. Now both hyperlinks redirect to admin user
page.
2021-12-14 17:14:18 +02:00
Martin Brennan 40d13ce662
DEV: Only support multipart for backup S3 uploads with Uppy (#15270)
In the composer, we already only allow for S3 multipart uploads
if enable_direct_s3_uploads is true, so in the backups uploader
that is based on Uppy we want to do the same thing. In future
if self-hosters need some way to not use S3 multipart in these
scenarios for whatever reason we can revisit this then (which
should be as simple as adding a enable_multipart_s3_uploads site
setting).
2021-12-13 15:24:00 +10:00
Joffrey JAFFEUX e0ea16f05d
DEV: removes jquery usage from admin-watched-words (#15246) 2021-12-09 17:06:54 +01:00
Joffrey JAFFEUX f889ec2fcd
DEV: refactors admin-plugins/admin-site-settings (#15244)
- drops jQuery usage
- removes apparently useless clearfix
- uses @action
- drops unused clearFilter function in admin-plugins
2021-12-09 13:47:56 +01:00
Osama Sayegh fced35de15
UX: Add title attribute to reports cells (#15137)
Some reports, like the Web Crawler User Agents report, have very long strings that need to be truncated when displayed. However, there is no way to see the full value without exporting the report or inspecting the elements using dev tools. This PR set a `title` attribute with the full value to the reports `<td>` elements so that the full value is shown on hover.
2021-11-30 14:58:42 +03:00
Jarek Radosz de3680eb5c
DEV: Re-allow node 17, with a warning (#15083) 2021-11-24 21:16:33 +01:00
Jarek Radosz e41f98bf96
DEV: Fix set-after-destroy issues (#15078)
Fixes broken tests on the legacy ember env.
2021-11-24 20:13:52 +01:00
Jarek Radosz c75224e3d9
DEV: Update supported node versions (#15073)
13 and 15 are no longer supported by node, and issues with discourse dependencies prevent us from using 17. (for now)
2021-11-24 18:18:35 +01:00
Martin Brennan 49c49e8ae0
FEATURE: Local chunked uppy backup uploads with a new uploader plugin (#14894)
This takes the uppy chunking algorithm and combines it with some
form submission from resumable.js for parity with the current
backup controller to make local backup uploads work with uppy.
We can then use this to replace the resumable-upload component
and the resumable.js library from our codebase, once stable.

This is disabled by default, so people using local backups will not
be affected. The enable_experimental_backup_uploader site setting
must be enabled for this to work.
2021-11-23 08:45:42 +10:00
Jarek Radosz a102673522
DEV: Avoid unnecessary `site-settings:main` lookups (#15006) 2021-11-18 17:11:59 +01:00
Joffrey JAFFEUX ef881fdedc
DEV: drops jquery/simplify code/removes leaked event (#14947) 2021-11-16 10:26:39 +01:00
Joffrey JAFFEUX c768c2ab3a
DEV: drops jquery usage in stacked chart (#14946) 2021-11-16 10:26:26 +01:00
Joffrey JAFFEUX 43659a6de2
DEV: jquery removal/listeners/cleanup of permalink form (#14944)
- Removes jquery
- Removes a not unregistered listener and uses component event
- Removes external-url class as it was only valid in one case of the dropdown
- Uses @action
- Tagless
- Other minor changes
2021-11-16 10:25:54 +01:00
Jarek Radosz f414d5eace
DEV: Use method definition syntax consistently (#14915) 2021-11-13 14:01:55 +01:00
Jarek Radosz bdd2c888b0
DEV: Avoid using globals (#14909) 2021-11-13 13:10:13 +01:00
Martin Brennan 729043633e
DEV: Add missing IDs to uppy upload components (#14880) 2021-11-11 15:38:39 +10:00
Martin Brennan e4350bb966
FEATURE: Direct S3 multipart uploads for backups (#14736)
This PR introduces a new `enable_experimental_backup_uploads` site setting (default false and hidden), which when enabled alongside `enable_direct_s3_uploads` will allow for direct S3 multipart uploads of backup .tar.gz files.

To make multipart external uploads work with both the S3BackupStore and the S3Store, I've had to move several methods out of S3Store and into S3Helper, including:

* presigned_url
* create_multipart
* abort_multipart
* complete_multipart
* presign_multipart_part
* list_multipart_parts

Then, S3Store and S3BackupStore either delegate directly to S3Helper or have their own special methods to call S3Helper for these methods. FileStore.temporary_upload_path has also removed its dependence on upload_path, and can now be used interchangeably between the stores. A similar change was made in the frontend as well, moving the multipart related JS code out of ComposerUppyUpload and into a mixin of its own, so it can also be used by UppyUploadMixin.

Some changes to ExternalUploadManager had to be made here as well. The backup direct uploads do not need an Upload record made for them in the database, so they can be moved to their final S3 resting place when completing the multipart upload.

This changeset is not perfect; it introduces some special cases in UploadController to handle backups that was previously in BackupController, because UploadController is where the multipart routes are located. A subsequent pull request will pull these routes into a module or some other sharing pattern, along with hooks, so the backup controller and the upload controller (and any future controllers that may need them) can include these routes in a nicer way.
2021-11-11 08:25:31 +10:00
Bianca Nenciu 3791fbd919
FEATURE: Add read-only scope to API keys (#14856)
This commit adds a global read-only scope that can be used to create
new API keys.
2021-11-10 17:48:00 +02:00
Martin Brennan 23b7b42acd
DEV: Bump eslint-config-discourse (#14868)
Changes for 4f7aba06c0

Also fixes all of the object-shorthand violations in our JS code.
2021-11-10 09:31:41 +10:00
Bianca Nenciu b203e316ac
FEATURE: Add pagination to API keys page (#14777) 2021-11-09 12:18:23 +02:00
Martin Brennan 18dc2c5040
FEATURE: Use uppy for tags uploader (#14821)
No other caveats or fixes.
2021-11-08 08:18:09 +10:00
Martin Brennan 1dddbf3d47
FEATURE: Use uppy for watched word uploader (#14817)
This commit, while changing the watched word uploader to use
uppy, also fixes a minor bug with the UppyUploadMixin where
the file input's value was not cleared after reset, which
prevented subsequent file uploads. The composer mixin already
has this fix.
2021-11-05 09:23:28 +10:00
Penar Musaraj 9b30103628
UX: Layout fixes for admin permalinks page (#14819) 2021-11-04 14:15:55 -04:00
Penar Musaraj d2ddb82022
UX: Remove animation in admin theme list (#14743) 2021-10-27 13:09:34 -04:00
Bianca Nenciu 261edcebcb
FIX: Allow every tag for watched words (#14684)
If a watched word was restricted to a category, new rules for that
watched word could not be created.
2021-10-25 10:53:42 +03:00
Joffrey JAFFEUX adb302f801
DEV: drops jquery usage un admin-report-chart (#14661) 2021-10-20 14:28:49 +02:00
Arpit Jalan 1b8feae0bc
FIX: reset sso email and payload when user navigates away (#14658) 2021-10-20 17:21:32 +05:30
Martin Brennan 2364626ded
FEATURE: Change all core to use uppy-image-uploader (#14428)
Instead of using image-uploader, which relies on the old
UploadMixin, we can now use the uppy-image-uploader which
uses the new UppyUploadMixin which is stable enough and
supports both regular XHR uploads and direct S3 uploads,
controlled by a site setting (default to XHR).

At some point it may make sense to rename uppy-image-uploader
back to image-uploader, once we have gone through plugins
etc. and given a bit of deprecation time period.

This commit also fixes `for_private_message`, `for_site_setting`,
and `pasted` flags not being sent via uppy uploads onto the
UploadCreator, both via regular XHR uploads and also through
external/multipart uploads.

The uploaders changed are:

* site setting images
* badge images
* category logo
* category background
* group flair
* profile background
* profile card background
2021-10-19 13:25:42 +10:00
Roman Rizzi 766d337d42
FIX: Display embeddable host's post to category. (#14517)
The host's category was successfully updated on the database, but the category property was not properly set when rendering the component for the first time.
2021-10-05 13:59:27 -03:00
Roman Rizzi 90a3fbc07b
DEV: Remove HTML setting type and sanitization logic. (#14440)
* DEV: Remove HTML setting type and sanitization logic.

We concluded that we don't want settings to contain HTML, so I'm removing the setting type and sanitization logic. Additionally, we no longer allow the global-notice text to contain HTML.

I searched for usages of this setting type in the `all-the-plugins` repo and found none, so I haven't added a migration for existing settings.

* Mark Global notices containing links as HTML Safe.
2021-10-04 15:40:35 -03:00
Joffrey JAFFEUX 6273dfad4b
REFACTOR: minor changes to api-keys-new (#14435)
- moves loading scopes to controller
- avoids declaring array
- simplify code
2021-09-27 10:43:47 +02:00
Joffrey JAFFEUX 1abe807528
REFACTOR: setting component mixin (#14437)
* REFACTOR: setting component mixing

- drops jquery usage
- extract spit function
- uses @action
- removes get usage where possible
- uses helpers
- minor changes

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2021-09-27 10:43:26 +02:00
Penar Musaraj a736ff5f69
DEV: Clean up some styles (#14374) 2021-09-20 09:52:03 -04:00
Bianca Nenciu 6a7ea66670
FEATURE: Use second factor for admin confirmation (#14293)
Administrators can use second factor to confirm granting admin access
without using email. The old method of confirmation via email is still
used as a fallback when second factor is unavailable.
2021-09-14 15:19:28 +03:00
David Taylor 928f000b4b
FIX: Use <textarea> for theme translations (#14322)
Translations are often multi-line. Using a regular `<input>` doesn't allow newlines, so if you try to edit a multiline theme translation, all the line breaks will be removed.

This commit updates the theme translations UI to use `<textarea>`, just like the core translation editing UI.
2021-09-13 18:57:19 +01:00
Penar Musaraj a03d8a147f
UX: Fix mobile styling for admin color schemes (#14314) 2021-09-13 13:43:57 -04:00
Penar Musaraj 954f8f8e7e
UX: Fix alignment for admin controls on mobile (#14312) 2021-09-13 13:43:43 -04:00
Penar Musaraj 24e71acf3f
UX: Normalize sizing for inputs, buttons, dropdowns (#14226)
See PR for details
2021-09-09 11:01:56 -04:00
Arpit Jalan 419d71abcb
FEATURE: allow admin to delete all posts by a user irrespectively (#14128)
This commit allows admin to delete all posts by a user irrespective of
site settings `delete_user_max_post_age` and `delete_all_posts_max`.
2021-08-25 10:14:22 +05:30
Joffrey JAFFEUX d7c185bf3d
DEV: updates chart.js to 3.5.1 (#14107) 2021-08-23 13:49:49 +02:00
Joffrey JAFFEUX cb59681d86
DEV: select-kit third major update with focus on accessibility (#13303)
Major changes included:
- better support for screen readers
- trapping focus in modals
- better tabbing order in composer
- alerts on no content found/number of items found
- better autofocus in modals
- mini-tag-chooser is now a multi-select component
- each multi-select-component will now display selection on one row
2021-08-23 10:44:19 +02:00
Grayden 64ead3c3a1
FIX: Revoking admin or moderator status doesn't require refresh to delete/anonymize/merge user (#14073)
* FIX: Revoking admin or moderator status doesn't require refresh to delete/anonymize/merge user

On the /admin/users/<id>/<username> page, there are action buttons that are either visible or hidden depending on a few fields from the AdminDetailsSerializer: `can_be_deleted`, `can_be_anonymized`, `can_be_merged`, `can_delete_all_posts`.

These fields are updated when granting/revoking admin or moderator status. However, those updates were not being reflected on the page. E.g. if a user is granted moderation privileges, the 'anonymize user' and 'merge' buttons still appear on the page, which is inconsistent with the backend state of the user. It requires refreshing the page to update the state.

This commit fixes that issue, by syncing the client model state with the server state when handling a successful response from the server. Now, when revoking privileges, the buttons automatically appear without refreshing the page. Similarly, when granting moderator privileges, the buttons automatically disappear without refreshing the page.

* Add detailed user response to spec for changed routes.

Add tests to verify that the revoke_moderation, grant_moderation, and revoke_admin routes return a response formatted according to the AdminDetailedUserSerializer.
2021-08-19 09:57:16 +08:00
Arpit Jalan cfc280676e
FIX: do not show default locale option on site text customization (#14083) 2021-08-19 05:54:21 +05:30
awesomerobot b801319fb8 UX: add a title to the user filter input 2021-08-16 10:53:05 +08:00
Jarek Radosz e68c1d5ba5
DEV: Use `key` over the deprecated `keyCode` (#13795)
Makes the code a bit more readable. Inspired by https://github.com/emberjs/ember.js/pull/19185
2021-08-09 11:41:36 +02:00
Jarek Radosz fbd1cd5fe1
DEV: Prevent npm usage (#13945)
We rely on yarn workspaces so we don't want people using npm in the repo by accident.

Also updated the required node version to 12+.

~~Not sure about the min yarn version – the latest one could be missing in various CI-like envs, so I might change it yet.~~
Downgraded yarn to ">= 1.21.1" (the oldest of "current" versions, tagged "legacy")
2021-08-04 22:04:58 +02:00
Jean e7b8e75583
FEATURE: Add post edits count to user activity (#13495) 2021-08-02 10:15:53 -04:00
Joe 7b56325f89
UX: adds hover title with full date to admin users columns (#13913)
This PR adds a hover title to a few columns on the admin users' page

/admin/users/list/active

The hover title will show the date in full format on those columns with shortened dates
2021-08-02 20:54:05 +08:00
Bianca Nenciu 18c32a809b
FIX: Validate email_accent_bg_color color (#13778)
Using an invalid value was allowed. This commit tries to automatically
fix the color by adding missing # symbol or will show an error to the
user if it is not possible and it is not a CSS color either.
2021-07-22 17:42:47 +03:00
Osama Sayegh 1c82989f77
FEATURE: Add filter box to the themes/components list (#13767) 2021-07-19 09:33:58 +08:00
Vinoth Kannan d6fc39c886
FEATURE: update existing users when group default notifications changed. (#13434)
Currently, the changes will only affect the users added after.
2021-07-15 19:53:57 +05:30
Osama Sayegh 31aa701518
FEATURE: Add option to grant badge multiple times to users using Bulk Award (#13571)
Currently when bulk-awarding a badge that can be granted multiple times, users in the CSV file are granted the badge once no matter how many times they're listed in the file and only if they don't have the badge already.

This PR adds a new option to the Badge Bulk Award feature so that it's possible to grant users a badge even if they already have the badge and as many times as they appear in the CSV file.
2021-07-15 05:53:26 +03:00
Penar Musaraj 7d43e51821
FIX: Remove button to dismiss theme error messages (#13734) 2021-07-14 15:17:32 -04:00
Jeff Wong d87a0216bb
FEATURE: Penalty history improvements (#13359)
* FEATURE: add penalty history when silencing a user

Display penalty history (last 6 months) when silencing/suspending a user

* FEATURE: allow default penalty values to be chosen

Adds a site setting that designates default penalty values in hours.

Silence/suspend modals will auto-fill in the default values, but otherwise
will still allow moderators to pick and overwrite values as normal.

First silence/suspend: first value
Second silence/suspend: second value
etc.

Penalty counts are forgiven at the same rate as tl3 promotion requirements do.

Co-authored-by: jjaffeux <j.jaffeux@gmail.com>
2021-07-12 11:36:56 -07:00
Kris 729a9856f8
UX: Add copy button to theme public key (#13690) 2021-07-12 14:34:08 -04:00
Joffrey JAFFEUX 33464cb07e
FIX: ensures we don't apply charts options to other modes (#13570)
This reverts commit 1f74ea0f08.
2021-06-29 21:58:35 +02:00
Robin Ward 1f74ea0f08 FIX: Some admin reports (notably backups) were not showing up 2021-06-29 15:14:16 -04:00
Jarek Radosz aa56e2a758
DEV: Don't use the Ember global (#13535) 2021-06-29 19:54:18 +02:00
Krzysztof Kotlarek a69839689d
FEATURE: add multiselect user custom field (#13560)
New user custom field similar to dropdown but allowing users to select multiple options.
2021-06-29 16:29:25 +10:00
Arpit Jalan 3dda926cb2
FIX: only delete the word/phrase when the 'x' icon is clicked (#13547) 2021-06-28 15:14:18 +05:30
Bianca Nenciu 8ab6fd88ef
UX: Add notice when watched words are regexes (#13493)
There is a big difference between regular watched words and regular
expressions and this has been confusing in the past. This notice adds
an explanation.

This commit also reorganizes the code of the test modal.
2021-06-25 12:08:52 +03:00
Mark VanLandingham 7c94efd6c9
FIX: Table header translations on admin users list (#13505) 2021-06-23 13:19:30 -05:00
Jordan Vidrine 385535f421
UX: Hide email columns when `Hide Emails` is selected (#13502)
* UX: Scroll user list container when emails are present
2021-06-23 12:42:16 -05:00
Penar Musaraj cfc60f41f0
DEV: Rename emoji icon (#13499) 2021-06-23 11:12:48 -04:00
Joffrey JAFFEUX 1a6759a5d9
FIX: ensures average is applied on last incomplete segment (#13472) 2021-06-22 12:26:52 +02:00
Joffrey JAFFEUX 8c213fa98b
FIX: correctly implements average for reports (#13447)
- Also now marks time_to_first_response as an averaged chart
- Averaged charts will now be marked as such in the UI
2021-06-21 10:35:11 +02:00
Joffrey JAFFEUX 6b3adeed0f
UX: daily automatic grouping for less than 34 days instead of 30 (#13437) 2021-06-18 19:54:16 +02:00
Penar Musaraj e9e2827636
FIX: Mobile layout for watched words admin UI (#13427) 2021-06-18 08:57:13 -04:00
Joffrey JAFFEUX c9bd4b4c64
FIX: ensures validValues is an array (#13435)
Before this fix the setting object would have exceptions on 3 fields: computedNameProperty, computedValueProperty and validValues

```
TypeError: Cannot read property 'forEach' of undefined
    at Class.validValues (http://localhost:4200/assets/admin.js:10468:19)
    at Class.<anonymous> (http://localhost:4200/assets/vendor.js:82492:19)
    at http://localhost:4200/assets/vendor.js:28633:34
    at untrack (http://localhost:4200/assets/vendor.js:26641:7)
    at ComputedProperty.get (http://localhost:4200/assets/vendor.js:28632:13)
    at Class.CPGETTER_FUNCTION [as validValues] (http://localhost:4200/assets/vendor.js:26259:25)
    at Class.r (<anonymous>:1:83)
```
2021-06-18 14:02:21 +02:00
Joffrey JAFFEUX d88f792eb1
DEV: removes maximum limit on tag list site setting (#13436) 2021-06-18 12:53:30 +02:00
Penar Musaraj 36162cf396
FIX: Adding multiple auto tags in watched words admin UI (#13421) 2021-06-17 13:42:16 -04:00
Joffrey JAFFEUX 90bd88627a
FIX: prevents mode to be forced to unexisting mode (#13413) 2021-06-17 10:07:51 +02:00
Joffrey JAFFEUX 4c3d2267b4
FIX: ensure we dont collapse data multiple times (#13399)
Note that this commit will also disable daily grouping for datasets with more than 30 data points. This will also smartly do the grouping by month when grouping a full year.
2021-06-17 09:15:20 +02:00
Dan Ungureanu ff4fb9c771
DEV: Add plugin API to extend search results (#12966) 2021-06-15 15:32:41 +10:00
Bianca Nenciu d9484db718
FIX: Split link watched words from replace (#13196)
It was not clear that replace watched words can be used to replace text
with URLs. This introduces a new watched word type that makes it easier
to understand.
2021-06-02 15:36:49 +10:00
Jarek Radosz e06a206131
DEV: Remove `cache` option from `ajax()` (#13142)
1. It defaults to `cache: true` already
2. Setting it to `false` for non-GET request doesn't do anything
3. We were correcting `cache: false` GET requests to use `cache: true`

…so setting it to anything at all, for any type of request doesn't make sense (anymore)
2021-05-31 14:41:35 +02:00
Bianca Nenciu efd6394cd8
FEATURE: Show an error message if regex is invalid (#13164)
The server cannot always determine when a watched word regular
expression is invalid and this commit implements the check on the client
side.
2021-05-27 19:42:43 +03:00
Bianca Nenciu b56e9ad656
DEV: Simplify watched word code (#13103)
* DEV: Use site setting instead

* DEV: Use .length instead of a different property

* DEV: Simplify watched word code
2021-05-27 19:20:26 +03:00
Jarek Radosz 3f5d868219
DEV: Add peer dependencies (#13132)
Fixes yarn warnings.

* DEV: Add `eslint` peer dependency
* DEV: Add `@babel/core` peer dependency
* DEV: `npx yarn-deduplicate` & `yarn`
2021-05-25 18:39:40 +02:00
Jarek Radosz 51b360916c
DEV: Use `import { inject as controller}` Ember idiom (#13140) 2021-05-25 18:37:32 +02:00
Bianca Nenciu f700f3ef00
FEATURE: Support tag and replace in watched words in test modal (#13100)
The modal showed only the matches, without the replacement or tags.
2021-05-21 17:50:24 +03:00