Commit Graph

36378 Commits

Author SHA1 Message Date
Kane York f2b95c1918 FIX: Allow quoting from a closed topic while writing a reply
composer.(controller).visible is true as long as state is not 'closed'.
2020-03-06 10:53:01 -08:00
Jeff Wong 86690155b3
FEATURE: prevent accidental canceling when drafting penalties (#9129)
Pop up a confirmation box when there is input. This prevents accidental closing
of the dialog boxes due to clicking outside.

This adds a development hook on modals in the form of a `beforeClose`
function. Modal windows can abort the close if the funtion returns false.

Additionally fixing a few issues with loop and state on the modal popups:

Escape key with bootbox is keyup.
Updating modal to close on keyup as well so escape key is working.
Fixes an issue where pressing esc will loop immediately back to the modal by:
keydown -> bootbox -> keyup -> acts as "cancel", restores modal

Needs a next call to reopenModal otherwise, keyup is handled again by the modal.
Fixes an issue where pressing esc will loop immediately back to the confirm:
esc keyup will be handled and bubble immediately back to the modal.

Additionally, only handle key events when the #discourse-modal is visible.
This resolves issues where escape or enter events were being handled by
a hidden modal window.
2020-03-06 09:36:56 -08:00
Roman Rizzi 87687c0819
Drop unnecessary readonly_during_backup setting (#9112) 2020-03-06 14:29:00 -03:00
Blake Erickson 43b54c631d
DEV: Reserve webhook event types to be used in plugins (#9110)
* DEV: Reserve webhook event types to be used in plugins

Based on feedback on the following PR's:

https://github.com/discourse/discourse-solved/pull/85

https://github.com/discourse/discourse-assign/pull/61

This commit reserves ID's to be used for webhook event types to ensure
that some other webhook or plugin doesn't end up using the same ID.

* Fix broken test

I don't think this test has to test ALL event types to verify that this
feature is working. Now that we added some event types that plugins are
using this test was failing for missing fabricators that exist in the
respective plugins.

* remove loop and just test first record
2020-03-06 10:16:19 -07:00
Jarek Radosz ef6b7bd776
DEV: Use aliased `inject` imports (#9086)
This is a common Ember idiom for easier differentiation between controller and service imports.
2020-03-06 11:41:41 -05:00
Dan Dascalescu 03d5a80aef
Elastic Email can now disable the UNSUB link for Discourse installs (#8986)
* Elastic Email can now disable the UNSUB link for Discourse installs

* Update docs/INSTALL-email.md

Co-authored-by: Régis Hanol <regis@hanol.fr>
2020-03-06 11:38:01 -05:00
Mark VanLandingham 475f545557
DEV: Test theme js compiler append_raw_template (#8950)
* DEV: Test for append_raw_template

* remove empty line
2020-03-06 11:35:52 -05:00
Joffrey JAFFEUX a24f51278a
DEV: enforces link-rel-noopener linting rule (#8936)
* DEV: enforces link-rel-noopener linting rule

* oops

* better syntax
2020-03-06 11:35:18 -05:00
Robin Ward 91682408e0 Remove very bad tests 2020-03-06 09:35:55 -05:00
Robin Ward a5f61729e0 Revert "Revert "FIX: Don't allow people to clear the upload bucket while it's enabled""
This reverts commit d4fc76b335.
2020-03-06 09:35:55 -05:00
Roman Rizzi 665d8564d8
DEV: Use the updated version of our mousetrap fork (#9111) 2020-03-06 11:19:34 -03:00
David Taylor ff62911a89
FEATURE: New route for loading multiple user cards simultaneously (#9078)
Introduces `/user-cards.json`

Also allows the client-side user model to be passed an existing promise when loading, so that multiple models can share the same AJAX request
2020-03-06 12:23:22 +00:00
Martin Brennan 29ccdf5d35
FIX: Show a nicer error if name/code missing for TOTP/Security Keys (#9124)
Meta: https://meta.discourse.org/t/improve-error-message-when-not-including-name-setting-up-totp/143339

* when the user creates a TOTP second factor method we want
to show them a nicer error if they forget to add a name
or the code from the app, instead of the param missing error
* also add a client-side check for this and for security key name,
no need to bother the server if we can help it
2020-03-06 14:37:40 +10:00
Sam Saffron 494379201d
DEV: attempt to stabilize flaky spec
Spec was checking implementation when it did not need to, temp file was blank
so optimized image should be blank
2020-03-06 12:57:12 +11:00
Jeff Wong 6fe91bbbbb
Revert "FEATURE: prevent accidental canceling when drafting penalties (#9105)" (#9122)
This reverts commit 243284f998.

There are some issues in how the JS tests interact that I will need to figure out here before this can be merged.
2020-03-05 17:29:51 -08:00
Jeff Wong 243284f998
FEATURE: prevent accidental canceling when drafting penalties (#9105)
Pop up a confirmation box when there is input. This prevents accidental closing
of the dialog boxes due to clicking outside.

This adds a development hook on modals in the form of a `beforeClose`
function. Modal windows can abort the close if the funtion returns false.

Additionally fixing a few issues with loop and state on the modal popups:

Escape key with bootbox is keyup.
Updating modal to close on keyup as well so escape key is working.
Fixes an issue where pressing esc will loop immediately back to the modal by:
keydown -> bootbox -> keyup -> acts as "cancel", restores modal

Needs a next call to reopenModal otherwise, keyup is handled again by the modal.
Fixes an issue where pressing esc will loop immediately back to the confirm:
esc keyup will be handled and bubble immediately back to the modal.

Additionally, only handle key events when the #discourse-modal is visible.
This resolves issues where escape or enter events were being handled by
a hidden modal window.
2020-03-05 15:55:35 -08:00
Rafael dos Santos Silva 54f67661ac FEATURE: Option to connect to Redis using SSL 2020-03-05 20:49:05 -03:00
Robin Ward d4fc76b335 Revert "FIX: Don't allow people to clear the upload bucket while it's enabled"
This reverts commit 4bb8db024c.
2020-03-05 16:29:59 -05:00
Neil Lalonde 3e21d40bc4
Version bump to v2.5.0.beta2 2020-03-05 16:10:28 -05:00
Robin Ward 4bb8db024c FIX: Don't allow people to clear the upload bucket while it's enabled 2020-03-05 16:04:52 -05:00
Kane York d1cceff0e7 DEV: fix formatting 2020-03-05 12:59:16 -08:00
Robin Ward 9ab2a15691 Warn if their CDN URL doesn't have a protocol
This can be confusing:
https://meta.discourse.org/t/discourse-cdn-url-breaks-rebuild-restore/136844
2020-03-05 15:38:27 -05:00
Kane York 670b855f94 FEATURE: Treat /go/ as a server-side route
Ninja superuser implementation of routable permalinks with no UI or
permission changes yet.
2020-03-05 12:24:56 -08:00
Kane York 10ddb8a9c4 FIX: Use destroy_all instead of delete_all for shared drafts
Rails has an odd behavior for calling .delete_all on a has_many relation - the
default behavior is to nullify the foreign key fields instead of actually
'DELETE'ing the records.

Additionally, publishing a shared draft topic creates a PostRevision that the
NotifyPostRevision job picks up which is then promptly deleted.

Use destroy_all when cleaning up the revisions and have the NotifyPostRevision
job tolerate deleted PostRevision records.

This takes a small performance hit (several SQL DELETEs instead of just one)
but shouldn't be too much of an issue (high cardinalities range from 30-100).
2020-03-05 11:13:43 -08:00
Justin DiRose a46741cbb9
DEV: Clean up selectors on backup modal (#9114) 2020-03-05 12:25:10 -06:00
David Taylor 5b3630dba3
FIX: Do not raise an error when in:all search is performed by anon (#9113)
Also improve in:all specs to catch to catch similar failures
2020-03-05 17:50:29 +00:00
Neil Lalonde 4b70719a48
Update translations 2020-03-05 12:45:42 -05:00
Robin Ward e01d5e2adc SECURITY: Add more restrictions on invite emails
They could be filtered and returned in some circumstances where they
shouldn't have been.
2020-03-05 09:23:21 -05:00
Robin Ward 79ce7085c2 SECURITY: Ensure the invite JSON API matches the UX
Anonymous users could query the invite json and see counts and
summaries which is not allowed in the UX of Discourse.

This commit has those endpoints return a 403 unless the user is
allowed to invite.
2020-03-05 09:23:21 -05:00
Vinoth Kannan d953c908d2 FEATURE: add child theme components in theme metadata.
Now theme creators can add an array of child theme components in about.json file for a top level theme.
2020-03-05 18:28:18 +05:30
Daniel Waterworth 83e649d08e FIX: Clobbering plugin files on startup is problematic
On startup, (including when starting a rails console) we manipule a
collection of plugin files. Writing these files is done in multiple
observable steps, which presents opportunities for race conditions and
causes temporary corruption.

This commit uses the write, fsync and rename trick to atomically
overwrite these files instead, but reads them first to avoid unnecessary
writes.

c457d3bf was a previous attempt to fix the same problem.
2020-03-05 11:51:56 +00:00
Arpit Jalan a157f4aaaa Remove invite_admin route. 2020-03-05 06:45:08 +05:30
Kris 3610709b6c Add classes for second-factor preferences 2020-03-04 16:53:32 -05:00
Kris 6afeb91a4d UX: Input adjustments for category setting modal (tags tab) 2020-03-04 14:48:22 -05:00
Kris 0e3e32f06c Remove some legacy tiger-striping css 2020-03-04 13:50:48 -05:00
tshenry 1c60c731ba
DEV: Mark `discourse-categories-suppressed` as official 2020-03-04 09:35:04 -08:00
Gerhard Schlager 8fa8bab9ff FIX: Don't optimize icons during db:migrate when restoring backup
Uploads are extracted after the DB migration, so this could lead to a failure during the restore. Site icons get optimized after extracting uploads.
2020-03-04 16:59:49 +01:00
dependabot-preview[bot] 5c581b475a
Build(deps): Bump oj from 3.10.3 to 3.10.5 (#9107)
Bumps [oj](https://github.com/ohler55/oj) from 3.10.3 to 3.10.5.
- [Release notes](https://github.com/ohler55/oj/releases)
- [Changelog](https://github.com/ohler55/oj/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/oj/compare/v3.10.3...v3.10.5)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-03-04 10:06:13 -05:00
Joffrey JAFFEUX 33f77e51b8
FIX: allows to select the action when agreeing with penalty (#9099)
Note this commit also fixes an issue where the edit post actions was trying to focus the edit textarea, but was using jquery functions on a DOM node.

scrollTo is not available on IE11 but that shouldn't cause much trouble.
2020-03-04 09:32:15 -05:00
Gerhard Schlager 93b8b04b06 FIX: Migrating uploads to S3 could miss files
The rake task aborted the migration with "Already migrated" when all upload URLs linked to the correct S3 bucket even though the files didn't exist on S3. By removing the first check we force the rake task to check for the existance of uploads on S3.
2020-03-04 12:50:48 +01:00
Sam Saffron 9cbed7ee46
Revert "FIX: under concurrent usage booting rails could cause plugin corruption"
This reverts commit c457d3bf28.

Something is not right about this fix, reverting.
2020-03-04 17:10:36 +11:00
Sam Saffron 0054ccc522
Revert "DEV: correct typo in param name"
This reverts commit dae5b3d673.

Something is not right about my fix reverting
2020-03-04 17:10:14 +11:00
Sam Saffron dae5b3d673
DEV: correct typo in param name
Followup to c457d3bf

It did cause a test suite failure as expected
2020-03-04 16:55:53 +11:00
Sam Saffron c457d3bf28
FIX: under concurrent usage booting rails could cause plugin corruption
Previously on boot we were always removing and adding the same pre-generated
files and symlinks.

This change attempts to avoid writing any automatically generated content if
it is exactly what it should be on disk.

This corrects issues where running a rails console can temporarily corrupt
internal state in production.
2020-03-04 16:48:06 +11:00
Jeff Wong 97545ee4a0
REFACTOR: separate post_can_act logic in post action creator (#9103)
Package logic of the post can act a little bit better so that overriding
methods can easily reuse the logic.
2020-03-03 14:56:37 -10:00
Martin Brennan 3e54e0191e
FIX: Use full URL for secure attachments when secure media enabled (#9037)
When secure media is enabled and an attachment is marked as secure we want to use the full url instead of the short-url so we get the same access control post protections as secure media uploads.
2020-03-04 10:11:08 +11:00
dependabot-preview[bot] f971ecd231
Build(deps): Bump nokogiri from 1.10.8 to 1.10.9 (#9093)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.10.8 to 1.10.9.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/v1.10.9/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.10.8...v1.10.9)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-03-03 10:19:34 -05:00
David Taylor 65cc61be7a
PERF: Allow preloading 'recent time read' for a user (#9076)
This will be used when serializing multiple user cards
2020-03-03 13:57:46 +00:00
David Taylor d23f7af3cb
PERF: Allow user serializer to make use of preloaded custom fields (#9074) 2020-03-03 13:56:54 +00:00
Martin Brennan 0df72a51b8
FIX: Stop infinite lookup-urls issue for video/audio on page (#9096)
Meta report: https://meta.discourse.org/t/excessive-requests-to-uploads-lookup-urls-leading-to-429-response/143119

* The data-orig-src attribute was not being removed from cooked
video and audio so the composer was infinitely trying to get the
URLs for them, which would never resolve to anything
* Also the code that retrieved the short URL was unscoped, and was
getting everything on the page. if running from the composer we
now scope to the preview window
* Also fixed a minor issue where the element href for the video
and audio tags was not being set when the short URL was found
2020-03-03 15:44:01 +11:00