Commit Graph

28866 Commits

Author SHA1 Message Date
Rafael dos Santos Silva
f1d794f32d
FIX: Use / for start_url in webmanifest on non-subfolder installs (#20167)
See https://meta.discourse.org/t/i-want-to-make-changes-to-manifest-json-file/253050?u=falco
2023-02-03 16:48:05 -03:00
Joffrey JAFFEUX
232c9d84b7
FIX: autocomplete showing under keyboard on android (#20168)
Fixed had been added when autocomplete was used in the discourse header. This shouldn't be needed anymore. This was causing the preventOverflow to not work correctly on Android.

This fix fix also adds an optimisation to refer top of the input when on mobile. This is done to avoid cases where the screen is actually slightly taller than the viewport with keyboard visible on Android leading popper to think there's space under the input.
2023-02-03 20:47:50 +01:00
Isaac Janzen
132e802d5d
DEV: Dock glimmer-topic-timeline with animation (#20166)
- Move docking logic (intersection / dockAt / etc) from `glimmer-topic-timeline` -> `topic-timeline/container` to live alongside the `postScrolled` hook.
- Toggle `timeline-docked` and `timeline-docked-bottom` when we are at the bottom of a topic. This returns the missing animation to the glimmer-topic-timeline (pictured below).

https://user-images.githubusercontent.com/50783505/216655735-906ccd2a-b77e-45af-9a7b-c22680eca2dc.mov
2023-02-03 12:01:59 -06:00
Kris
e5f557b971
UX: move data export to preferences page for new user nav (#20141) 2023-02-03 11:19:08 -05:00
Isaac Janzen
2bff6dbe26
DEV: Add user-tip back to glimmer-topic-timeline (#20165)
Add the user-tip back to the glimmer topic timeline

<img width="555" alt="Screenshot 2023-02-03 at 9 38 45 AM" src="https://user-images.githubusercontent.com/50783505/216644897-cdd3244f-e565-49ea-a929-5faa87f8ce57.png">
2023-02-03 10:15:38 -06:00
David Taylor
d90a31d5b4
DEV: Support appending glimmer into existing post elements (#20164)
Previously `helper.renderGlimmer()` would always create a new wrapper element. This is required when using `RenderGlimmer` within widgets, where there is no direct access to DOM elements. However, when using within `decorateCooked`, we have the ability to pass an existing element to `{{#in-element}}` and have the glimmer content appended with no additional wrappers.

This commit makes the `renderInto` accept an existing DOM node for this 'append' behavior. The previous 'new wrapper element' behaviour is still used when a string is passed.
2023-02-03 16:07:11 +00:00
Isaac Janzen
66b015b472
DEV: Remove 'widget-button' from glimmer-topic-timeline (#20155)
# Context
The class of `widget-button` was kept in the upgraded version of the topic timeline to keep the preexisting logic of how we open / close child and parent modals.

# Problem
<img width="1242" alt="Screenshot 2023-02-02 at 3 45 53 PM" src="https://user-images.githubusercontent.com/50783505/216456778-11a3d0ce-5e33-4b85-89af-a2a32e39a1f6.png">

With the `widget-button` class removed from the topic timeline, clicking the button (highlighted in the image above) would close itself when populating the `jumpToPostPrompt` modal. This is not the behavior we want so class was kept on the button. The upgrade to ember octane entails moving away from widgets and all of its functionality... so we don't want to carry the debt of utilizing the `widget-button` class.

# Solution
Create a new class `.timeline-open-jump-to-post-prompt-btn` to be added to the `_expanded` function. When this class is present on a child or a parent of the button clicked, we do not collapse the modal. This gives us the expected behavior of maintaining both modals open at the same time.

<img width="1176" alt="Screenshot 2023-02-02 at 3 50 59 PM" src="https://user-images.githubusercontent.com/50783505/216457612-ab313758-bfa9-4913-bd29-d5224faf5187.png">

# Other 
Obviously adding this as jquery is not ideal, but to prevent scope creep we will need to refactor this in a separate PR.
2023-02-03 07:47:41 -06:00
Gerhard Schlager
e17c145e8d
FIX: Category hashtags weren't always found for sub-sub-categories (#20156)
The algorithm failed to find the correct category by slug when there are multiple sub-sub-categories with the same child-category name and the first child doesn't  have the correct grandchild.

So, searching for "child / grandchild" worked in the following case, it found (3):

- (1) parent 1
  - (2) child
    - (3) grandchild
- (4) parent 2
  - (5) child
    - (6) grandchild

But it failed to find the grandchild in the following case:

- (1) parent 1
  - (2) child
- (4) parent 2
  - (5) child
    - (6) grandchild

And this also fixes a flaky spec by forcing categories to always order by by `parent_category_id` and `id`.
This makes it possible to partly revert 60990aab55
2023-02-03 12:17:52 +01:00
dependabot[bot]
6c80e17b92
Build(deps): Bump ember-cli-app-version in /app/assets/javascripts (#20152)
Bumps [ember-cli-app-version](https://github.com/ember-cli/ember-cli-app-version) from 5.0.0 to 6.0.0.
- [Release notes](https://github.com/ember-cli/ember-cli-app-version/releases)
- [Changelog](https://github.com/ember-cli/ember-cli-app-version/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ember-cli/ember-cli-app-version/compare/v5.0.0...v6.0.0)

---
updated-dependencies:
- dependency-name: ember-cli-app-version
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-03 11:14:42 +01:00
Krzysztof Kotlarek
84a87a703c
DEV: configurable custom sidebar sections (#20057)
Allows users to configure their own custom sidebar sections with links withing Discourse instance. Links can be passed as relative path, for example "/tags" or full URL.

Only path is saved in DB, so when Discourse domain is changed, links will be still valid.

Feature is hidden behind SiteSetting.enable_custom_sidebar_sections. This hidden setting determines the group which members have access to this new feature.
2023-02-03 14:44:40 +11:00
Sam
651476e89e
FIX: domain searches not working properly for URLs (#20136)
If a post contains domain with a word that stems to a non prefix single
words will not match it.

For example: in happy.com, `happy` stems to `happi`. Thus searches for happy
will not find URLs with it included.

This bloats the index a tiny bit, but impact is limited.

Will require a full reindex of search to take effect. 

When we are done refining search we can consider a full version bump.
2023-02-03 09:55:28 +11:00
Kris
e66fa8c48b
DEV: add plugin outlet to badge-card (#20143) 2023-02-02 16:22:40 -05:00
Kris
77f68cf278
A11Y: share label needs corresponding ID on input (#20148) 2023-02-02 16:22:07 -05:00
Isaac Janzen
277c5770b0
UX: Add transition to glimmer-topic-timeline fullscreen view (#20149)
- Rename `class` getter -> `classes` seeing that we are dealing with multiple classes
- Add `show` class to fullscreen topic timeline via `did-insert` to handle how CSS transitions only apply when an existing element changes its properties. We need to wait until `timeline-fullscreen` is painted to the DOM, and then add the `show` class later.
2023-02-02 15:00:02 -06:00
Isaac Janzen
8226fca6ed
DEV: Update glimmer topic timeline visibility state when a post is created (#20145)
# Problem
Creating a post on a topic, where the timeline is not shown by default, does not update the visibility state dynamically. You must refresh the page to have the timeline appear. 

# Solution 
This PR hooks into the `post-stream:posted` app event and checks if we can now display the timeline after a post has been created. This will update the visibility state dynamically.
2023-02-02 14:02:51 -06:00
Isaac Janzen
e82865726c
FIX: Back button action and position on glimmer topic timeline (#20121)
This PR introduces a proper `action` to the topic timeline `back-button` which will fix the button not being clickable (or functional) as well as removing a duplicate setting of `this.lastReadTop` which was causing odd positionings of the button.

This is very difficult to test due to the fact you have to manage the "read history" for a user to have the back button populate. We will have to move forward without one (as we did in the last version of the timeline 😅) for now.
2023-02-02 12:06:42 -06:00
Rafael dos Santos Silva
e4fd3d9850
FIX: Better ordering of similar user search suggestions (#20142)
* FIX: Better ordering of similar user search suggestions
2023-02-02 14:39:44 -03:00
Rafael dos Santos Silva
14cf8eacf1
FEATURE: Use similarity in user search (#20112)
Currently, when doing `@mention` for users we have 0 tolerance for typos and misspellings.

With this patch, if a user search doesn't return enough results we go and use `pg_trgm` features to try and find more matches based on trigrams of usernames and names.

It also introduces GiST indexes on those fields in order to improve performance of this search, going from 130ms down to 15ms in my tests.

This is all gated in a feature flag and can be enabled by running  `SiteSetting.user_search_similar_results = true` in the rails console.
2023-02-02 13:35:04 -03:00
David Taylor
ca2b2d034f
DEV: Introduce API for rendering Glimmer inside posts (#20140)
`helper.renderGlimmer` will return an HTML element which can be added to a post's `cooked`

Example usage:
```
import { hbs } from "ember-cli-htmlbars";

api.decorateCookedElement((cooked, helper) => {
  const glimmerElement = helper.renderGlimmer(
    "div.my-wrapper-class",
    hbs`<DButton @icon={{@data.param}} @translatedLabel="Hello world from Glimmer Component"/>`,
    { param: "user-plus" }
  );
  cooked.appendChild(glimmerElement);
}, { onlyStream: true, id: "my-id" });
```

See `widgets/render-glimmer.js` for more detailed usage information.
2023-02-02 16:25:57 +00:00
Kris
adbf69c300
A11Y: add aria-label to embedded jump link (#20117) 2023-02-02 09:41:39 -05:00
Kris
5a7b942aff
A11Y: aria-label for the post edit history button (#20123) 2023-02-02 09:41:28 -05:00
Kris
bb2341b82c
A11Y: add aria tags for topic map expansion (#20122) 2023-02-02 09:36:00 -05:00
Kris
3cb8be706c
A11Y: history modal mode toggles need aria-labels (#20125) 2023-02-02 09:35:10 -05:00
Penar Musaraj
a32e6b5771
FIX: Use username_lower in user menu router lookup (#20115)
For a user whose username has an uppercase character, the new user menu
dropdown was not defaulting to "Inbox" because the Ember router uses
lowercased usernames which were not matching with the `username`
property. Switching to `username_lower` fixes the issue.
2023-02-02 09:14:16 -05:00
Penar Musaraj
6bbf832400
DEV: Allow HTML in grant admin dialog (#20133)
In a private plugin, we need to show an error message containing HTML
when the Grant Admin action fails. This change introduces a new flag
(`html_message: true`) that when used will allow the dialog to render
the HTML tags in the error message correctly.
2023-02-02 09:09:25 -05:00
David Taylor
fa30ab4ed7 DEV: Correct hbs prettier violations 2023-02-02 13:03:11 +00:00
Selase Krakani
2e78045af1
FIX: Extend username updates to self-mentions (#20071)
Posts with self-mentions aren't updated with username updates. This happens
because mention `UserAction` entries aren't logged for self-mentions.

This change updates the lookup of `Post` and `PostRevision` with mentions to bypass
`UserAction` entries.
2023-02-02 12:33:42 +00:00
dependabot[bot]
c3f3b25737
Build(deps): Bump sass from 1.57.1 to 1.58.0 in /app/assets/javascripts (#20120)
Bumps [sass](https://github.com/sass/dart-sass) from 1.57.1 to 1.58.0.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.57.1...1.58.0)

---
updated-dependencies:
- dependency-name: sass
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-02 11:45:11 +01:00
David Taylor
c8f4a2cfb9
DEV: Use template-only for RenderGlimmer helper (#20138)
We don't need a full glimmer component here - the class definition was empty. We can use templateOnly() for slightly improved performance.

Setting `component.name` improves how MountWidget is displayed for debugging in the Ember Inspector browser extension.
2023-02-02 09:52:44 +00:00
Alan Guo Xiang Tan
ce531913a8
FIX: Sync user's reviewables count when loading reviewables list (#20128)
1. What is the problem here?

When a user's reviewables count changes, the changes are published via
MessageBus in a background Sidekiq job which means there is a delay before the
client receives the MessageBus message with the updated count. During
the time the reviewables count for a user has been updated and the time
when the client receives the MessageBus message with the updated count,
a user may view the reviewables list in the user menu. When that happens, the number of
reviewables in the list may be out of sync with the count shown.

2. What is the fix?

Going forward, the response for the `ReviewablesController#user_menu_list` action will include the user's reviewables count as
the `reviewables_count` attribute. This is then used by the client side
to update the user's reviewables count to ensure that the reviewables
list and count are kept in sync.
2023-02-02 10:19:51 +08:00
Sam
4570118a63
FIX: search index duplicate parser matching is too restrictive (#20129)
Previous regex did not allow for cases where a lexeme contains a : (colon)

This can happen when parsing URLs. New algorithm allows for this.
Test was amended to more clearly call out index problems
2023-02-02 12:17:19 +11:00
Keegan George
41f265ae46
FIX: Emoji preview showing incorrect preview on keyboard focus (#20116) 2023-02-01 12:14:34 -08:00
Penar Musaraj
cb2569303f
UX: Add timezone aliases for IST, KST and JST (#20114) 2023-02-01 14:26:43 -05:00
Joffrey JAFFEUX
df50df041a
FIX: corrects a regression hiding avatar in user selector (#20107)
Due to the way templates work, the incorrect variable (user instead of item) was not causing any error, and just failing silently to display the avatar.

This commit is also providing a basic spec for completion of users and groups.
2023-02-01 16:42:39 +01:00
Osama Sayegh
f94951147e
FIX: Replace R2 gem with rtlcss for generating RTL CSS (#19636)
We've had a couple of problems with the R2 gem where it generated a broken RTL CSS bundle that caused a badly broken layout when Discourse is used in an RTL language, see a3ce93b and 5926386. For this reason, we're replacing R2 with `rtlcss` that can handle modern CSS features better than R2 does.

`rltcss` is written in JS and available as an npm package. Calling the `rltcss` from rubyland is done via the `rtlcss_wrapper` gem which contains a distributable copy of the `rtlcss` package and loads/calls it with Mini Racer. See https://github.com/discourse/rtlcss_wrapper for more details.

Internal topic: t/76263.
2023-02-01 14:21:15 +03:00
David Taylor
66256c15bd
UX: Calculate missing hover/selected colors from existing colors (#20105)
`--d-hover` is calculated to be equivalent to primary-100 in light mode, or primary-low in dark mode

`--d-selected` is calculated to be equivalent to primary-low in light mode, or primary-100 in dark mode

`lib/color_math` is introduced to provide some utilities for making these calculations.
2023-02-01 09:55:21 +00:00
Alan Guo Xiang Tan
07ef828db9
DEV: Improve MessageBus subscriptions for TopicTrackingState (#19767)
## Why do we need this change? 

When loading the ember app, [MessageBus does not start polling immediately](f31f0b70f8/app/assets/javascripts/discourse/app/initializers/message-bus.js (L71-L81)) and instead waits for `document.readyState` to be `complete`. What this means is that if there are new messages being created while we have yet to start polling, those messages will not be received by the client.

With sidebar being the default navigation menu, the counts derived from `topic-tracking-state.js` on the client side is prominently displayed on every page. Therefore, we want to ensure that we are not dropping any messages on the channels that `topic-tracking-state.js` subscribes to.  

## What does this change do? 

This includes the `MessageBus.last_id`s for the MessageBus channels which `topic-tracking-state.js` subscribes to as part of the preloaded data when loading a page. The last ids are then used when we subscribe the MessageBus channels so that messages which are published before MessageBus starts polling will not be missed.

## Review Notes

1. See https://github.com/discourse/message_bus#client-support for documentation about subscribing from a given message id.
2023-02-01 07:18:45 +08:00
Kris
85971a8b67
A11Y: embedded posts need disclosure widget attributes (#20048) 2023-01-31 13:01:49 -05:00
David Taylor
c760efc924
FIX: Allow non-persisted color-scheme colors to be edited (#20104)
When we introduce new color scheme colors, they are not immediately persisted to the database for all color schemes. Previously, this meant that they would be unavailable in the admin UI for editing. The only way to work with the new colors was to create a new color scheme.

This commit updates the serializer so that all colors are serialized, even if they are not yet persisted to the database for the current scheme. This means that they now show up in the admin UI and can be edited.
2023-01-31 17:10:32 +00:00
David Taylor
9e440dca33 DEV: Rename all uses of PluginOutlet @args in core
The `args` argument is now deprecated. This commit uses a codemod (https://github.com/discourse/discourse-ember-codemods/tree/main/transforms/rename-plugin-outlet-args) to automatically rename all uses to `@outletArgs`.
2023-01-31 13:51:25 +00:00
David Taylor
84f6a8399d DEV: Deprecate PluginOutlet @args in favour of @outletArgs 2023-01-31 13:51:25 +00:00
Gerhard Schlager
fe4a71848e
DEV: Fix flaky specs by explicitly ordering tags (#20097) 2023-01-31 14:38:42 +01:00
Jan Cernik
06817bd94f
FIX: Category permission change not creating a log (#20027)
It didn't create a log if the category was public { "everyone" => 1 }
2023-01-31 10:15:17 -03:00
David Taylor
26b5c0472f DEV: Remove use of PluginOutlet @tagName argument in core
The `tagName` argument is now deprecated. This commit uses a codemod (https://github.com/discourse/discourse-ember-codemods/tree/main/transforms/extract-plugin-outlet-tagname) to automatically remove the `@tagName` from all PluginOutlet invocations, and create a matching wrapper element so that the HTML structure is unchanged. We may want to remove some/all of these wrappers entirely in future, but that would be a riskier change which we should tackle on a case-by-case basis.
2023-01-31 12:15:37 +00:00
David Taylor
f9d5203610 DEV: Deprecate PluginOutlet tagName argument 2023-01-31 12:15:37 +00:00
chapoi
15b546978f
UX: flex horizontal form controls (#20098) 2023-01-31 12:38:44 +01:00
David Taylor
258471e7f2 DEV: Move editor-preview wrapper outside PluginOutlet
This outlet is the only one to pass an `@classNames` argument, which is no longer supported in the glimmer version of PluginOutlet. This commit moves the wrapper outside, thereby maintaining the old HTML structure.
2023-01-31 11:29:04 +00:00
David Taylor
9ce58c7e36 DEV: Re-evaluate plugin outlet shouldRender when inputs change
This commit updates the PluginOutlet component so that it calculates the list of connectors in an autotracking context. Accessing arguments or any other `@tracked` values during `shouldRender` means that the set of connectors will be re-calculated whenever those tracked values change.
2023-01-31 11:29:04 +00:00
David Taylor
30025a96f3 DEV: Convert PluginOutlet wrapper to a Glimmer component
PluginConnector remains a Classic Component, so this commit does not require any changes from plugin/theme developers.

Two shims are introduced for backwards compatibility:

- The component variable passed to shouldRender is replaced with a helperContext instance which includes all the common injections (the new PluginOutlet component instance does not have any of these)

- A custom component manager is introduced so that parentView continues to work. Using parentView was never really intended as an API, so it's now deprecated and will print a warning to the console. Users should switch to using the outlet's explicit arguments, or data from a service (e.g. the Router service).
2023-01-31 11:29:04 +00:00
Jarek Radosz
0dbb089b47
FIX: Don't spam presence requests when getting 429 (#20084)
The presence service would retry `/presence/update` requests every second (or immediately in tests) in case where server returns 429 (rate limit) errors. That could lead to infinite spamming (until user refreshed tab/tabs)

Co-authored-by: David Taylor <david@taylorhq.com>
2023-01-31 09:49:23 +01:00
Alan Guo Xiang Tan
f31f0b70f8
SECURITY: Hide PM count for tags by default (#20061)
Currently `Topic#pm_topic_count` is a count of all personal messages tagged for a given tag. As a result, any user with access to PM tags can poll a sensitive tag to determine if a new personal message has been created using that tag even if the user does not have access to the personal message. We classify this as a minor leak in sensitive information.

With this commit, `Topic#pm_topic_count` is hidden from users by default unless the `display_personal_messages_tag_counts` site setting is enabled.
2023-01-31 12:08:23 +08:00
Sam
07679888c8
FEATURE: allow restricting duplication in search index (#20062)
* FEATURE: allow restricting duplication in search index

This introduces the site setting `max_duplicate_search_index_terms`.
Using this number we limit the amount of duplication in our search index.

This allows us to more correctly weight title searches, so bloated posts
don't unfairly bump to the top of search results.

This feature is completely disabled by default and behind a site setting

We will experiment with it first. Note entire search index must be rebuilt
for it to take effect.


---------

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2023-01-31 12:41:31 +11:00
Alan Guo Xiang Tan
c5c72a74b7
DEV: Fix flaky test due to a lack of deterministic ordering (#20087) 2023-01-31 08:57:34 +08:00
Jarek Radosz
7c1e1ef72b
DEV: Convert presence service tests to actual unit tests (#20076) 2023-01-30 23:31:39 +01:00
dependabot[bot]
2c81b70b01
Build(deps): Bump deepmerge in /app/assets/javascripts (#20082)
Bumps [deepmerge](https://github.com/TehShrike/deepmerge) from 4.2.2 to 4.3.0.
- [Release notes](https://github.com/TehShrike/deepmerge/releases)
- [Changelog](https://github.com/TehShrike/deepmerge/blob/master/changelog.md)
- [Commits](https://github.com/TehShrike/deepmerge/compare/v4.2.2...v4.3.0)

---
updated-dependencies:
- dependency-name: deepmerge
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-30 23:00:42 +01:00
dependabot[bot]
90ba62597a
Build(deps): Bump terser in /app/assets/javascripts (#20081)
Bumps [terser](https://github.com/terser/terser) from 5.16.1 to 5.16.2.
- [Release notes](https://github.com/terser/terser/releases)
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terser/terser/compare/v5.16.1...v5.16.2)

---
updated-dependencies:
- dependency-name: terser
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-30 23:00:11 +01:00
Joffrey JAFFEUX
73488f2f33
FIX: uses popper for cards 2023-01-30 21:12:30 +01:00
Natalie Tay
fda834d01c
Revert "DEV: uses popperjs for positioning user and group card (#20063)" (#20072)
This reverts commit 335c3f4621.
2023-01-31 02:51:05 +08:00
Natalie Tay
58234246ff
DEV: Remove elder from codebase and also update 'regular' to 'member' (#20065)
A while back the definition of TL was changed but many
areas in the codebase still use the term 'Regular user'
despite it having some implicit meaning (TL2).

See 20140905055251_rename_trust_level_badges.rb
2023-01-31 01:41:25 +08:00
Andrei Prigorshnev
b334f0070d
DEV: dry up the Do Not Disturb widget (#19494) 2023-01-30 21:23:06 +04:00
Rafael dos Santos Silva
587e9ed9ba
FEATURE: Enable service worker for Apple devices (#19643)
This is necessary so MacOS Ventura (and in 2023 iOS) can use our new
default push notifications.

We still disable caching of dynamic routes on Apple devices due to it's
always being buggy there.
2023-01-30 13:23:19 -03:00
Bianca Nenciu
9a196ced08
FEATURE: Move metadata user results to list bottom (#18977)
Partial username or name matches were shown together with metadata
matched results. This created a bad user experience because results
that look unrelated were before even partial or exact group matches.
2023-01-30 15:38:41 +02:00
Joffrey JAFFEUX
335c3f4621
DEV: uses popperjs for positioning user and group card (#20063)
Behavior should be very similar but the code is simplified and it should fix various bugs where the card was showing out of screen even if we had available space.
2023-01-30 14:15:10 +01:00
chapoi
18f7b47ecb
UX: improve emoji alignment for text (#19815)
* UX: improve emoji alignment for text

* UX: emoji exception for titles
2023-01-30 14:07:08 +01:00
chapoi
d0780eacdc
FIX: preserves avatar size inside onebox (#20066)
* UX: Wrap chat one-box avatars

* UX: restrict onebox image css to non-avatar
2023-01-30 13:59:25 +01:00
David Taylor
79bea9464c
PERF: Move user-tips and narrative to per-user messagebus channels (#19773)
Using a shared channel with per-message permissions means that every client is updated with the channel's 'last_id', even if there are no messages available to them. Per-user channel names avoid this problem - the last_id will only be incremented when there is a message for the given user.
2023-01-30 11:48:09 +00:00
Bianca Nenciu
23a74ecf8f
FIX: Truncate existing user status to 100 chars (#20044)
This commits adds a database migration to limit the user status to 100
characters, limits the user status in the UI and makes sure that the
emoji is valid.

Follow up to commit b6f75e231c.
2023-01-30 10:49:08 +02:00
Ayke Halder
9f14d643a5
DEV: use structured data in crawler-linkback-list for referencing only (#16237)
This simplifies the crawler-linkback-list to only be a point of reference to the actual DiscussionForumPosting objects.

See "Summary page": https://developers.google.com/search/docs/advanced/structured-data/carousel?hl=en#summary-page
> [It] defines an ItemList, where each ListItem has only three properties: @type (set to ListItem), position (the position in the list), and url (the URL of a page with full details about that item).
2023-01-30 08:26:55 +01:00
Ayke Halder
137dbaf0dc
DEV: declare post position as simple number in structured data (#16231)
This replaces the position declared as `#123` with the more simple version `123`.

The property position may be of type Integer or Text. A value of type Integer, or more precise of type Text which simply casts to integer, is sufficient here.
See: https://schema.org/position

In category-view the topic-list already uses this notation for the position of topics:
`<meta itemprop="position" content="123">`
2023-01-30 08:07:04 +01:00
Alan Guo Xiang Tan
7ec6e6b3d0
PERF: N+1 queries on /tags with multiple categories tags (#19906)
When the `tags_listed_by_group` site setting is disable, we were seeing
the N+1 queries problem when multiple `CategoryTag` records are listed.
This commit fixes that by ensuring that we are not filtering through the
category `tags` association after the association has been eager loaded.
2023-01-30 08:53:17 +08:00
Zachary Huff
0a8387ecd2
FIX: Validate asset url before replacing base url (#16438)
Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2023-01-30 07:32:48 +08:00
dependabot[bot]
8410b25f3c
Build(deps): Bump @babel/standalone in /app/assets/javascripts (#20055)
Bumps [@babel/standalone](https://github.com/babel/babel/tree/HEAD/packages/babel-standalone) from 7.20.13 to 7.20.14.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.20.14/packages/babel-standalone)

---
updated-dependencies:
- dependency-name: "@babel/standalone"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-29 22:44:40 +01:00
dependabot[bot]
15e854f0f7
Build(deps): Bump eslint in /app/assets/javascripts (#20054)
Bumps [eslint](https://github.com/eslint/eslint) from 8.32.0 to 8.33.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.32.0...v8.33.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-29 22:44:14 +01:00
Keegan George
a4c68d4a2e
FIX: Failing system spec for rate limited search (#20046) 2023-01-27 12:14:29 -08:00
Kris
39eec37e75
A11Y: post avatars should not be tabbable (#20045) 2023-01-27 14:39:55 -05:00
Sam
2c8dfc3dbc
FEATURE: rate limit anon searches per second (#19708) 2023-01-27 10:05:27 -08:00
chapoi
5f90790110
Revert "Select-kit > use new color vars" (#20042)
This reverts commit 8534391044.
2023-01-27 18:09:50 +01:00
Blake Erickson
4ecfac39a6
FEATURE: Add separate api scope for topic status (#19978)
This will allow us more granular control over changing a topic status.
For example you can now force the scope to only allow closing topics in
a specific category. This means that the same scope can't be used to
re-open topics, or close topics in a different category.
2023-01-27 08:05:29 -07:00
chapoi
e03f6057ec
UX: Highlight var refactor (#20026)
* Add new color vars

* Select-kit > use new color vars

* update all color schemes with values for new hover/select vars

* Add variable yml names
2023-01-27 15:50:36 +01:00
Bianca Nenciu
b6f75e231c
FIX: Limit user status to 100 characters (#20040)
* FIX: Limit user status to 100 characters

* FIX: Make sure the emoji is valid
2023-01-27 16:32:27 +02:00
Bianca Nenciu
8fc11215e1
FIX: Ensure soft-deleted topics can be deleted (#19802)
* FIX: Ensure soft-deleted topics can be deleted

The topic was not found during the deletion process because it was
deleted and `@post.topic` was nil.

* DEV: Use @topic instead of finding the topic every time
2023-01-27 16:15:33 +02:00
Martin Brennan
079e1108f1
DEV: Remove stale TODO (#20039)
This TODO is irrelevant -- in reality this has not been a
perf issue, and there is not actually an N1 here. Furthermore,
this is only used in a single plugin, not in core.
2023-01-27 16:32:11 +10:00
Martin Brennan
48eb8d5f5a
Revert "DEV: Delete dead Topic#incoming_email_addresses code (#19970)" (#20037)
This reverts commit 88a972c61b.

It's actually used in some plugins.
2023-01-27 11:27:15 +10:00
Kris
0c967e6aa3
A11Y: add accessible label for bookmark name input (#20036) 2023-01-26 17:35:19 -05:00
Jan Cernik
665065bbc7
DEV: Fix ruby syntax tree linting error (#20028) 2023-01-26 17:17:00 -03:00
Roman Rizzi
d96b4bbb46
DEV: Include upload_id on image optimization errors to have more context (#19715) 2023-01-26 14:57:40 -03:00
dependabot[bot]
13e9f5054c
Build(deps-dev): Bump @embroider/test-setup in /app/assets/javascripts (#20017)
Bumps [@embroider/test-setup](https://github.com/embroider-build/embroider/tree/HEAD/packages/test-setup) from 2.1.0 to 2.1.1.
- [Release notes](https://github.com/embroider-build/embroider/releases)
- [Changelog](https://github.com/embroider-build/embroider/blob/main/CHANGELOG.md)
- [Commits](https://github.com/embroider-build/embroider/commits/HEAD/packages/test-setup)

---
updated-dependencies:
- dependency-name: "@embroider/test-setup"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-26 18:45:22 +01:00
Bianca Nenciu
2c9d76e510
FIX: Use specified limit option in user search (#20020) 2023-01-26 16:17:15 +02:00
jbrw
f8863b0f98
DEV: Limit concurrency of NotifyReviewables job (#19968)
Under scenarios of extremely high load where large numbers of `Reviewable*` items are being created, it has been observed that multiple instances of the `NotifyReviewable` job may run simultaneously.

These jobs will work satisfactorily if the concurrency is limited to 1, and the different types of jobs (items reviewable by admins, vs moderators, vs particular groups, etc.) are run eventually.

This change introduces a new option to `DistributedMutex` which allows the `max_get_lock_attempts` to be specified. If the number is exceeded an error will be raised, which will cause Sidekiq to requeue the job. Sidekiq has existing logic to back-off on retry times for jobs that have failed multiple times.
2023-01-25 15:19:11 -05:00
Bianca Nenciu
105fee978d
SECURITY: only show restricted tag lists to authorized users (#20004)
Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
2023-01-25 18:55:55 +02:00
Bianca Nenciu
cd7c8861ae
SECURITY: Remove bypass for base_url (#19995)
The check used to be necessary because we validated the referrer too and
this bypass was a workaround a bug that is present in some browsers that
do not send the correct referrer.
2023-01-25 13:50:45 +02:00
Natalie Tay
d5745d34c2
SECURITY: Limit the character count of group membership requests (#19993)
When creating a group membership request, there is no character
limit on the 'reason' field. This can be potentially be used by
an attacker to create enormous amount of data in the database.

Co-authored-by: Ted Johansson <ted@discourse.org>
2023-01-25 13:50:33 +02:00
Natalie Tay
f91ac52a22
SECURITY: Limit the length of drafts (#19989)
Co-authored-by: Loïc Guitaut <loic@discourse.org>
2023-01-25 13:50:21 +02:00
Loïc Guitaut
ec2ed5b7f6 FIX: Delete reviewables associated to posts automatically
Currently we don’t have an association between reviewables and posts.
This sometimes leads to inconsistencies in the DB as a post can have
been deleted but an associated reviewable is still present.

This patch addresses this issue simply by adding a new association to
the `Post` model and by using the `dependent: :destroy` option.
2023-01-25 09:45:36 +01:00
Martin Brennan
82182ec0c7
DEV: Add hashtag controller specs (#19983)
This is just cleaning up a TODO I had to add more specs
to this controller -- there are more thorough tests on the
actual HashtagService class and the type-specific hashtag
classes.
2023-01-25 17:13:32 +10:00
Martin Brennan
88a972c61b
DEV: Delete dead Topic#incoming_email_addresses code (#19970)
This code has been dead since b463a80cbf,
we can delete it now.
2023-01-25 09:34:41 +10:00
dependabot[bot]
3866867e45
Build(deps-dev): Bump @embroider/test-setup in /app/assets/javascripts (#19982) 2023-01-24 22:51:23 +01:00
dependabot[bot]
69c7f676ea
Build(deps): Bump ember-auto-import in /app/assets/javascripts (#19981) 2023-01-24 22:50:05 +01:00
Kris
75032f4752
UX: remove extra whitespace in search helper (#19980) 2023-01-24 15:27:05 -05:00
Kris
e71bf672cb
UX: prevent user card status overflow (#19979) 2023-01-24 13:58:24 -05:00
Kris
4da8e15801
A11Y: discourse-tags should have a role and label (#19977) 2023-01-24 13:04:32 -05:00
Kris
a57d6a0f75
A11Y: add aria-labels for flagging textareas (#19938) 2023-01-24 09:49:15 -05:00
Kris
7683b4bbfa
UX: improve bulk button layout and alignment (#19966) 2023-01-24 09:47:35 -05:00
Jarek Radosz
17deb79fcb
DEV: Fix random typos (#19973) 2023-01-24 15:41:01 +01:00
Aleksey Bogdanov
1bc39c1a4f
FIX: text selection breaks opening of links in new tabs (#19867)
When a user checks "Open all external links in a new tab" preference
he expects not to be overruled by unrelated text selections.
Yet if text is selected during a link click the link is followed on
the same tab. This change corrects that.
2023-01-24 14:17:03 +01:00
David Taylor
48713653df
DEV: Add failing test for api.modifyClass with native getters (#19911)
https://meta.discourse.org/t/251793/8
2023-01-24 10:41:48 +00:00
Martin Brennan
63fdb6dd65
FIX: Do not add empty use/svg tags in ExcerptParser (#19969)
There was an issue where if hashtag-cooked HTML was sent
to the ExcerptParser without the keep_svg option, we would
end up with empty </use> and </svg> tags on the parts of the
excerpt where the hashtag was, in this case when a post
push notification was sent.

Fixed this, and also added a way to only display a plaintext
version of the hashtag for cases like this via PrettyText#excerpt.
2023-01-24 14:40:24 +10:00
Vinoth Kannan
799202d50b
FIX: skip email if blank while syncing SSO attributes. (#19939)
Also, return email blank error in `EmailValidator`  when the email is blank.
2023-01-24 09:10:24 +05:30
Martin Brennan
0924f874bd
DEV: Use UploadReference instead of ChatUpload in chat (#19947)
We've had the UploadReference table for some time now in core,
but it was added after ChatUpload was and chat was just never
moved over to this new system.

This commit changes all chat code dealing with uploads to create/
update/delete/query UploadReference records instead of ChatUpload
records for consistency. At a later date we will drop the ChatUpload
table, but for now keeping it for data backup.

The migration + post migration are the same, we need both in case
any chat uploads are added/removed during deploy.
2023-01-24 13:28:21 +10:00
Krzysztof Kotlarek
ac4ee1a3d4
FIX: TL4 user is not redirected to latest when delete topic (#19967)
Continue of https://github.com/discourse/discourse/pull/19766

When TL4 is allowed to delete topic, they should not be redirected to / after that action.
2023-01-24 11:28:04 +11:00
Blake Erickson
a6291cd854
FEATURE: Add api scope for suspending users (#19965)
See: https://meta.discourse.org/t/request-separate-api-granular-api-scope-for-suspend-user/249928/5
2023-01-23 16:20:49 -07:00
Blake Erickson
774feb6614
FEATURE: Add api scope for create invite endpoint (#19964)
Adds an api scope for the POST /invite endpoint.
2023-01-23 16:20:22 -07:00
dependabot[bot]
bc9874033f
Build(deps): Bump qunit from 2.19.3 to 2.19.4 in /app/assets/javascripts (#19962) 2023-01-23 23:52:22 +01:00
Blake Erickson
09f5235538
FEATURE: Add api scope for search endpoint (#19955)
Adds two new api scopes for the /search endpoints:

- `/search.json?q=term`
- `/search/query.json?term=term`

see: https://meta.discourse.org/t/search-api-key-permissions/227244
2023-01-23 14:06:57 -07:00
Kris
239815c4a4
UX: fixes and adjustments for user nav (#19954) 2023-01-23 14:28:55 -05:00
Jordan Vidrine
1d7b50a0d3
FIX: Fix margin on mini-tag-chooser (#19953) 2023-01-23 10:39:57 -06:00
Jordan Vidrine
b26e0dcf35
UX: Set penalty history to sticky (#19933) 2023-01-23 07:14:23 -06:00
Martin Brennan
641e94fc3c
FEATURE: Allow changing slug on create channel (#19928)
This commit allows us to set the channel slug when creating new chat
channels. As well as this, it introduces a new `SlugsController` which can
generate a slug using `Slug.for` and a name string for input. We call this
after the user finishes typing the channel name (debounced) and fill in
the autogenerated slug in the background, and update the slug input
placeholder.

This autogenerated slug is used by default, but if the user writes anything
else in the input it will be used instead.
2023-01-23 14:48:33 +10:00
dependabot[bot]
54e5a2e4c4
Build(deps): Bump sass from 1.57.0 to 1.57.1 in /app/assets/javascripts (#19538)
Bumps [sass](https://github.com/sass/dart-sass) from 1.57.0 to 1.57.1.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.57.0...1.57.1)

---
updated-dependencies:
- dependency-name: sass
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-22 23:36:16 +01:00
dependabot[bot]
f81c94637a
Build(deps): Bump ember-rfc176-data in /app/assets/javascripts (#19925)
Bumps [ember-rfc176-data](https://github.com/ember-cli/ember-rfc176-data) from 0.3.17 to 0.3.18.
- [Release notes](https://github.com/ember-cli/ember-rfc176-data/releases)
- [Changelog](https://github.com/ember-cli/ember-rfc176-data/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ember-cli/ember-rfc176-data/compare/v0.3.17...v0.3.18)

---
updated-dependencies:
- dependency-name: ember-rfc176-data
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-22 22:56:17 +01:00
dependabot[bot]
9be9f97373
Build(deps): Bump @babel/standalone in /app/assets/javascripts (#19945)
Bumps [@babel/standalone](https://github.com/babel/babel/tree/HEAD/packages/babel-standalone) from 7.20.12 to 7.20.13.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.20.13/packages/babel-standalone)

---
updated-dependencies:
- dependency-name: "@babel/standalone"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-22 22:53:57 +01:00
dependabot[bot]
36447fb043
Build(deps): Bump jsdom from 21.0.0 to 21.1.0 in /app/assets/javascripts (#19944)
Bumps [jsdom](https://github.com/jsdom/jsdom) from 21.0.0 to 21.1.0.
- [Release notes](https://github.com/jsdom/jsdom/releases)
- [Changelog](https://github.com/jsdom/jsdom/blob/master/Changelog.md)
- [Commits](https://github.com/jsdom/jsdom/compare/21.0.0...21.1.0)

---
updated-dependencies:
- dependency-name: jsdom
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-22 22:39:36 +01:00
Daniel Waterworth
666536cbd1
DEV: Prefer \A and \z over ^ and $ in regexes (#19936) 2023-01-20 12:52:49 -06:00
Kris
f7907a3645
A11Y: remove heading tags from user profile (#19935) 2023-01-20 12:27:07 -05:00
Kris
1521bace4f
A11Y: add secondary skip link to user profiles (#19926) 2023-01-20 10:30:57 -05:00
Kris
7ebd8a44f5
UX: hide date in timeline when wrapping (#19912) 2023-01-20 10:05:16 -05:00
Jordan Vidrine
b412f03b29
UX: Remove left margin (#19932) 2023-01-20 07:59:25 -06:00
Jordan Vidrine
62aa2adc74
UX: Add margin to search keyword (#19931) 2023-01-20 07:40:48 -06:00
Osama Sayegh
0c30f31f17
FIX: Allow modals to scroll on mobile when keyboard is open (#19930)
Meta topic: https://meta.discourse.org/t/android-keyboard-overlaps-text-when-flagging-with-something-else/249687?u=osama

On Android, it's currently not possible to scroll modals that take input from the user (such as the flagging modal) when the keyboard is open which means that the keyboard can cover up part of the modal with no way for the user to see the covered part without closing the keyboard. This commit adds some CSS to make these modals scrollable when the keyboard is open.
2023-01-20 14:23:19 +03:00
Ted Johansson
90d452ab6c
FIX: Don't display staff-only options to non-staff in group member bulk menu (#19907)
In the group member bulk edit menu we are displaying staff-only options
to non-staff. The requests are blocked by the back-end, so there is no
harm other than to the user experience.

Notably the individual user edit menu is correctly filtering out
unavailable options. This change brings the bulk edit menu in line with
that.
2023-01-20 11:16:04 +08:00
Krzysztof Kotlarek
b05f193cf0
FIX: move min tag setting to tags section in edit category (#19789)
`Minimum number of tags required in a topic` should be in `Tags` panel instead of `Settings`
2023-01-20 13:30:39 +11:00
Krzysztof Kotlarek
f409e977a9
FIX: deleted misconfigured embeddable hosts (#19833)
When EmbeddableHost is configured for a specific category and that category is deleted, then EmbeddableHost should be deleted as well.

In addition, migration was added to fix existing data.
2023-01-20 13:29:49 +11:00
Alan Guo Xiang Tan
f122f24b35
SECURITY: Default tags to show count of topics in unrestricted categories (#19916)
Currently, `Tag#topic_count` is a count of all regular topics regardless of whether the topic is in a read restricted category or not. As a result, any users can technically poll a sensitive tag to determine if a new topic is created in a category which the user has not excess to. We classify this as a minor leak in sensitive information.

The following changes are introduced in this commit:

1. Introduce `Tag#public_topic_count` which only count topics which have been tagged with a given tag in public categories.
2. Rename `Tag#topic_count` to `Tag#staff_topic_count` which counts the same way as `Tag#topic_count`. In other words, it counts all topics tagged with a given tag regardless of the category the topic is in. The rename is also done so that we indicate that this column contains sensitive information. 
3. Change all previous spots which relied on `Topic#topic_count` to rely on `Tag.topic_column_count(guardian)` which will return the right "topic count" column to use based on the current scope. 
4. Introduce `SiteSetting.include_secure_categories_in_tag_counts` site setting to allow site administrators to always display the tag topics count using `Tag#staff_topic_count` instead.
2023-01-20 09:50:24 +08:00
Alan Guo Xiang Tan
b00e160dae
PERF: Don't parse posts for mentions when user status is disabled (#19915)
Prior to this change, we were parsing `Post#cooked` every time we
serialize a post to extract the usernames of mentioned users in the
post. However, the only reason we have to do this is to support
displaying a user's status beside each mention in a post on the client side when
the `enable_user_status` site setting is enabled. When
`enable_user_status` is disabled, we should avoid having to parse
`Post#cooked` since there is no point in doing so.
2023-01-20 07:58:00 +08:00
Isaac Janzen
292d3677e9
FEATURE: Allow admins to permanently delete revisions (#19913)
# Context
This PR introduces the ability to permanently delete revisions from a post while maintaining the changes implemented by the revisions.
Additional Context: /t/90301

# Functionality
In the case a staff member wants to _remove the visual cue_ that a post has been edited eg.

<img width="86" alt="Screenshot 2023-01-18 at 2 59 12 PM" src="https://user-images.githubusercontent.com/50783505/213293333-9c881229-ab18-4591-b39b-e3419a67907d.png">

while maintaining the changes made in the edits, they can enable the (hidden) site setting of `can_permanently_delete`.
When this is enabled, after _hiding_ the revisions

<img width="149" alt="Screenshot 2023-01-19 at 1 53 35 PM" src="https://user-images.githubusercontent.com/50783505/213546080-2a9e9c55-b3ef-428e-a93d-1b6ba287dfae.png">

there will be an additional button in the history modal to <kbd>Delete revisions</kbd> on a post.

<img width="997" alt="Screenshot 2023-01-19 at 1 49 51 PM" src="https://user-images.githubusercontent.com/50783505/213546333-49042558-50ab-4724-9da7-08bacc68d38d.png">

Since this action is permanent, we display a confirmation dialog prior to triggering the destroy call

<img width="722" alt="Screenshot 2023-01-19 at 1 55 59 PM" src="https://user-images.githubusercontent.com/50783505/213546487-96ea6e89-ac49-4892-b4b0-28996e3c867f.png">

Once confirmed the history modal will close and the post will `rebake` to display an _unedited_ post.

<img width="868" alt="Screenshot 2023-01-19 at 1 56 35 PM" src="https://user-images.githubusercontent.com/50783505/213546608-d6436717-8484-4132-a1a8-b7a348d92728.png">
 
see that there is not a visual que for _revision have been made on this post_ for a post that **HAS** been edited. In addition to this, a user history log for `purge_post_revisions` will be added for each action completed.

# Limits
- Admins are rate limited to 20 posts per minute
2023-01-19 15:09:01 -06:00
Kris
2fb2b0a538
UX: switch categories-boxes layouts from flexbox to grid (#19501) 2023-01-19 12:48:58 -05:00
Kris
f66e798ed7
A11Y: more descriptive user page titles (#19819) 2023-01-19 12:45:45 -05:00
Kris
2b36a9f7b8
UX: prevent search context btn text from wrapping (#19904) 2023-01-18 09:40:56 -05:00
Kris
20f5a69427
UX: add missing space and other minor search adjustments (#19899) 2023-01-18 09:40:38 -05:00
Kris
3483285b89
UX: restyle quote/share popup, fix hover jitter (#19561) 2023-01-17 12:28:33 -05:00
Kris
145d2baa14
A11Y: add aria tags to the new user nav (#19774) 2023-01-17 12:18:16 -05:00
Penar Musaraj
86b4f4d664
UX: Refactor alignment of tag icon in Discourse onebox (#19880)
Followup to 1ce9582a6c
2023-01-17 11:13:55 -05:00
David Taylor
4204b984ee
DEV: Allow accessing sourcemaps on /brotli_asset path (#19894)
Our JS files reference sourcemaps relative to their current path. On sites with non-S3 CDN setups, we use a special path for brotli assets (39a524aa). This caused the sourcemap requests to 404.

This commit fixes the issue by allowing the `.map` files to be accessed under `/brotli_asset/*`.
2023-01-17 12:49:42 +00:00
David Taylor
011c9b9973
DEV: Use message-bus chunked encoding in development (#19878)
This was previously disabled because of incompatibility with the ember-cli proxy. This commit fixes that incompatibility, and restores the development behaviour to match production.

There were three issues at play:

1. Our bootstrap-js addon handles the forwarding of most requests in the ember-cli proxy. This is not built to handle streaming responses. Solution: skip our custom request processing for `/message-bus/*` and use ember-cli's default `http-proxy`.

2. The request/response size-limiting middleware (`rawMiddleware`) would apply even to unhandled paths, causing request and response bodies to be buffered. Solution: skip it for any paths which are not handled by our custom addon.

3. Expressjs servers will buffer/compress responses. Solution: add `Cache-Control: no-transform` to message-bus responses. For now I've done this in development only, but it may be useful to add it to message-bus's default headers in future
2023-01-17 09:54:33 +00:00
Alan Guo Xiang Tan
1e8a1a0d24
PERF: N+1 queries when viewing tags (#19891)
When the `tags_listed_by_group` site setting is enabled, we were seeing
the N+1 queries problem when multiple `TagGroup` records are listed.
This commit fixes that by ensuring that we are not filtering through the
`tags` association after the association has been eager loaded.
2023-01-17 15:50:21 +08:00
David Taylor
41f3bb8b50
FIX: Restore class-property babel transform for themes (#19883)
This seems to be required for decorators to work on class properties. Followup to 624f4a7de9
2023-01-16 18:06:46 +00:00
David Taylor
624f4a7de9
Drop support for iOS < 15.7 (#19847)
https://meta.discourse.org/t/224747
2023-01-16 17:28:59 +00:00
Bianca Nenciu
c3070288ea
FEATURE: Verify email webhook signatures (#19690)
* FEATURE: Verify Sendgrid webhook signature

* FEATURE: Verify more webhook signatures

* DEV: Add test for AWS webhook

* FEATURE: Implement algorithm for Mandrill

* FEATURE: Add warning if webhooks are unsafe
2023-01-16 19:16:17 +02:00
Loïc Guitaut
1ce9582a6c FIX: Display Discourse onebox tag icon properly in chat 2023-01-16 14:53:49 +01:00
Régis Hanol
b704e338ef
DEV: extract anniversary badge query (#19716)
So it can easily be overwritten in a plugin for example.

### Added more tests to provide better coverage

We previously only had `u.silenced_till IS NULL` but I made it consistent with pretty much every other places where we check for "active" users.

These two new lines do change the query a tiny bit though. 

**Before** 

- You could not get the badge if you were currently silenced (no matter what period is being checked)
- You could get the badge if you were suspended 😬 

**After**

- You can't get the badge if you were silenced during the past year
- You can't get the badge if you were suspended during the past year


### Improved the performance of the query by using `NOT EXISTS` instead of `LEFT JOIN / COUNT() = 0`

There is no difference in behaviour between 

```sql
LEFT JOIN user_badges AS ub ON ub.user_id = u.id AND ...
[...]
HAVING COUNT(ub.*) = 0
```

and

```sql
NOT EXISTS (SELECT 1 FROM user_badges AS ub WHERE ub.user_id = u.id AND ...)
```

The only difference is performance-wise. The `NOT EXISTS` is 10-30% faster on very large databases (aka. posts and users in X millions). I checked on 3 of the largest datasets I could find.
2023-01-16 11:55:00 +01:00