To check if a post contains any embedded media, we look if the "image_sizes" attribute is present in the new post manager arguments.
We want to see one boxed links, but we only store the raw content of the post. To work around this, I extracted the onebox logic from the composer editor into a module.
This commit also:
- deprecate an old way of using actions for future removal
- removes all the hidden/block/... logic, as we just rely on parent being displayed or not
* FEATURE: Diffrentiate between group + individual mentions
This commit adds the necessary code for Discorse core to differentiate between group + individual mentions in the notification user panel and notification page.
It changes the group mention icon from `at` to `users` as well as adds context as to which group was mentioned in the topic.
Groups page was loading fields that are only used on the group show
page, so move those fields to the GroupShowSerializer.
Also only fetch the default category and tag notifications once.
The current situation could cause a transition on the button to end after/during modal has shown and causing the button to get focus again. Browsers would then refuse to switch focus.
This is a kinda convulted solution, but it's a general purpose solution which doesn't involve changing anything in plugins/themes or core templates.
* REFACTOR: reworks all the search-advanced-options panel
This commit includes the following changes:
- prevents any mutation of external (to the component) values
- get rid of observers
- uses @action
- minor UI tweaks
- dropped the unecessary debounce
- drops all the legacy code for badges/groups which is not being used
- replaces user-selector by user-chooser and improves multi-select to not show `search` if maximum has been reached
Most importantly this refactor should fix multiple bugs due to _update() being called multiple times if searchTerm was empty and other various bugs where some changes in searchTerm was not applied to the sidebar.
This PR removes the user reminder topic timers, because that system has been supplanted and improved by bookmark reminders. The option is removed from the UI and all existing user reminder topic timers are migrated to bookmark reminders.
Migration does this:
* Get all topic_timers with status_type 5 (reminders)
* Gets all bookmarks where the user ID and topic ID match
* Loops through the found topic timers
* If there is no bookmark for the OP of the topic, then we just create a bookmark with a reminder
* If there is a bookmark for the OP of the topic and it does **not** have a reminder set, then just
update it with the topic timer reminder
* If there is a bookmark for the OP of the topic with a reminder then just discard the topic timer
* Cancels all outstanding user reminder topic timers
* **Trashes (not deletes) all user reminder topic timers**
Notes:
* For now I have left the user reminder topic timer job class in place; this is so the jobs can be cancelled in the migration. It and the specs will be deleted in the next PR.
* At a later date I will write a migration to delete all trashed user topic timers. They are not deleted here in case there are data issues and they need to be recovered.
* A future PR will change the UI of the topic timer modal to make it look more like the bookmark modal.
* DEV - versions of JS files written to a JS file to be included by load-script and appended as params to URLs
* Formatting
* Incorporate feedback from PR
* Update filename of public-js-versions
Before this commit, onShow code could be impacted by code happening after the onShow call. This should ensure this code works for example:
```
onShow() {
afterRender(() => {
someInput.focus();
})
}
```
Currently, if a group's visibility is set to "Group owners, members" then the mods can't view those group pages. The same rule is applied for members visibility setting too.
This reverts commit 7fc7090. And fixed the spec test fails.
Moderators should not be able to see `UserSerializer#group_users` and `UserSerializer#second_factor_enabled` of other users.
Impact of leaking this is low because the information leaked is not
exploitable.
Currently, if a group's visibility is set to "Group owners, members" then the mods can't view those group pages. The same rule is applied for members visibility setting too.
After restoring a backup it takes up to 48 hours for uploads stored on S3 to appear in the S3 inventory. This change prevents alerts about missing uploads by preventing the EnsureS3UploadsExistence job from running in the first 48 hours after a restore. During the restore it deletes the count of missing uploads from the PluginStore, so that an alert isn't triggered by an old number.
This moves the logic for horizontally placing the topic progress wrapper from the JS component to SCSS. Doing so means it is more easily overridable by themes and plugins.
This also changes the left/right spacing from 1em to 2em for non-mobile screens (it fits better on iPad portrait especially).
Admins can currently add the bookmarks discovery route link
to the homepage interface, but users can't presently select
that as their default home view. This change facilitates that,
adding the option to the existing Default Home Page dropdown on
the User Preferences Interface page.
This commit adds the `!important` declaration to `.hidden` utility/helper class. Without the `!important` declaration, it is not applied correctly across the site.
If a user always read all group messages, we will never update the
`first_pm_unread_at` column since the previous query will not return the
group_user. Instead, we should update `first_pm_unread_at` to the
current timestamp if the user has read everything.
Follow-up to 9b75d95fc6
Incorrect search filters like `in:personalasd` will end up checking the
checkbox for `in:personal` because the regexp used was only doing prefix
matching.
This PR introduces a few important changes to secure media redaction in emails. First of all, two new site settings have been introduced:
* `secure_media_allow_embed_images_in_emails`: If enabled we will embed secure images in emails instead of redacting them.
* `secure_media_max_email_embed_image_size_kb`: The cap to the size of the secure image we will embed, defaulting to 1mb, so the email does not become too big. Max is 10mb. Works in tandem with `email_total_attachment_size_limit_kb`.
`Email::Sender` will now attach images to the email based on these settings. The sender will also call `inline_secure_images` in `Email::Styles` after secure media is redacted and attachments are added to replace redaction messages with attached images. I went with attachment and `cid` URLs because base64 image support is _still_ flaky in email clients.
All redaction of secure media is now handled in `Email::Styles` and calls out to `PrettyText.strip_secure_media` to do the actual stripping and replacing with placeholders. `app/mailers/group_smtp_mailer.rb` and `app/mailers/user_notifications.rb` no longer do any stripping because they are earlier in the pipeline than `Email::Styles`.
Finally the redaction notice has been restyled and includes a link to the media that the user can click, which will show it to them if they have the necessary permissions.
Roman Rizzi
Robin Ward
Joffrey JAFFEUX
Penar Musaraj
Jordan Vidrine
Osama Sayegh
Daniel Waterworth
Guo Xiang Tan
Martin Brennan
Neil Lalonde
Arpit Jalan
Jarek Radosz
jbrw
Faizaan Gagan
jbrw
Vinoth Kannan
Kane York
Gerhard Schlager
Ahmed Gagan
Robert
Jordan Vidrine
Joshua Rosenfeld
dependabot[bot]
awesomerobot
Bianca Nenciu
Bianca Nenciu
