isPrivateMessages represents that the tag list is shown in the context
of private messages and pmOnly represents that the tag is used only in
private messages.
This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access.
A few notes:
- the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads
- the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured
- upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status
- when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error
- when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
* When viewing a tag, the search widget will now show a checkbox to scope the search by tag, which will limit search results to that tag on desktop and mobile
* DEV: Provide radix 10 argument to parseInt
* DEV: Provide radix 16 argument to parseInt
* DEV: Remove unnecessary parseInt calls
* Fix year formatting
parseInt was used here to convert decimals to ints
Previously we could not place extra nav items in a particular order.
This change introduces a new `before` attribute to addNavigationBarItem
with this attribute we can place a nav item before "top" or any other place.
Additionally this allows navigation items to force active state. In some
cases we may want an items that is simply a "filter" on latest using `?query_params`
when we do that we can "force" the filter active.
A concrete example is the assign plugin that adds a nav item for
Unassigned => `/c/cat-slug/l/latest?assigned=nobody&status=open`
If we did not force then latest would be selected even though the filter
is clicked.
* FEATURE: Add remembering topic list for group pms
* added findOrResetCachedBy helper in topic-list
* Created cached-topic-list.js
* Update app/assets/javascripts/discourse/routes/build-private-messages-route.js.es6
Co-Authored-By: Robin Ward <robin.ward@gmail.com>
When autocompleting mentions in secure categories, we immediately populate the list with users which have permission to view the category. This logic is applied to unsecured categories as well, but the server returns an empty list of users. This commit teaches the autocomplete to understand empty lists of users without terminating the autocomplete dropdown.
- destroyDraft which is called when we cancel a draft is now async,
removing race conditions when you click "reply" to a post and are
already editing. We used to trigger double dialogs for cancelling
drafts which was confusing.
- Remove reply as new topic / reply as pm keys, they are no longer
used and only caused confustion. For example we used to pop up a
warning when you are composing a reply and flick to reply as
new topic
- Remove createTopic key, this was a bug that proliferated. Whenever
creating a topic via the C shortcut or clicking on new topic on full
screen search the correct new topic draft key will be used
consistently
- When abandoning an edit we now say "Are you sure you want to discard
your changes" (instead of abandon your post which is confusing)
* DEV: allow serializing data for drafts
* Various fixes
* added an alias method for 'serializeToDraft' to plugin-api
* fixed linting issues
* changed single quotes to double quotes to fix linting issue
* fixed linting issues
* fixed composer model file via prettier
* fixed composer controller file via prettier
* fixed plugin-api file via prettier
This addresses the following issues:
- on iPad, with keyboard attached, the composer is no longer forced to full screen
- on iPad, with keyboard attached, the topic no longer scrolls when starting a
reply and then cancelling it
- switching between inputs and buttons (formatting, emojis, categories/tags, etc.) no longer
causes layout to bounce around
Removes setting for iOS devices that support Visual Viewport API.
On devices where it was previously enabled, it was causing some scrolling drift when invoking the composer.
AppEvents was always a service object in disguise, so we should move it
to the correct place in the application. Doing this allows other service
objects to inject it easily without container access.
In the future we should also deprecate `this.appEvents` without an
explicit injection too.
Partially reverts 94ab48c by using Safari hacks on iPad again.
This brings parity in the composer UI between iPhones and iPads
Hides grippie and fullscreen toggle button when the keyboard is visible on iPads
Adds 2 factor authentication method via second factor security keys over [web authn](https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API).
Allows a user to authenticate a second factor on login, login-via-email, admin-login, and change password routes. Adds registration area within existing user second factor preferences to register multiple security keys. Supports both external (yubikey) and built-in (macOS/android fingerprint readers).
This applies to iPhones running iOS 13+.
Previous technique remains in place for iOS 12 and below.
Note that this does not apply to iPads on iOS 13 due to Apple no longer
identifying iPads in the user agent string.
To demonstrate the issue:
- Visit https://meta.discourse.org/#somethingHere while logged in
- Click "log out"
- You will be logged out, but the page will not be reloaded
Setting `window.location.pathname = "/"` will not reload the page if there is a hash present. Using `window.location = "/"` gives us the desired behavior.
* FIX: Cast all numerical values in reports
The backend can return some numerical values in report as strings. That results in unexpected order of values when sorting report tables.
* Create `toNumber()` helper
The `typeof` and `parseFloat` seem to be the fastest path: https://jsperf.com/number-vs-typeof-vs-parsefloat#results
- prevents keyboard from being invoked when textarea is disabled
- avoids scrolling up when switching focus from title to textarea on new topic creation
The client-side theme-selector would always apply the first in a series of file change notifications. This has been fixed, so it now applies the most recent notification.
Duplicate notifications were being sent because
- The remote_theme autosave was causing every change notification to be doubled
- Color scheme change notifications were being sent every time a theme was uploaded, even if the colors were unchanged
These duplicate notifications have been fixed, and a spec added to ensure it does not regress in future
* Revert "Revert "FEATURE: Publish read state on group messages. (#7989) [Undo revert] (#8024)""
This reverts commit 36425eb9f0.
* Fix: Show who read only if the attribute is enabled
* PERF: Precalculate the last post readed by a group member
* Use book-reader icon instear of far-eye
* FIX: update topic groups correctly
* DEV: Tidy up read indicator update on write
* Reenable: "FEATURE: Publish read state on group messages. (#7989)"
This reverts commit 67f5cc1ce8.
* FIX: Read indicator only appears when the group setting is enabled
* Enable or disable read state based on group attribute
* When read state needs to be published, the minimum unread count is calculated in the topic query. This way, we can know if someone reads the last post
* The option can be enabled/disabled from the UI
* The read indicator will live-updated using message bus
* Show read indicator on every post
* The read indicator now shows read count and can be expanded to see user avatars
* Read count gets updated everytime someone reads a message
* Simplify topic-list read indicator logic
* Unsubscribe from message bus on willDestroyElement, removed unnecesarry values from post-menu, and added a comment to explain where does minimum_unread_count comes from
Sometimes, when keeping J or K pressed and scrolling fast, the current
selection would go out of the viewport for a few moments and the
algorithm would try selecting the "best" element that is in viewport.
This bug is reproducible only on certain machines. For example, Linux
machines seem to be passing key events faster to the browser.
This feature allows @ mentions to prioritize showing members of a group who
have explicit permission to a category.
This makes it far easier to @ mention group member when composing topics in
categories where only the group has access.
For example:
If Sam, Jane an Joan have access to bugs category.
Then `@` will auto complete to (jane,joan,sam) ordered on last seen at
This feature works on new topics and existing topics. There is an explicit
exclusion of trust level 0,1,2 groups cause they get too big.
- Client-side censoring fixed for non-chrome browsers. (Regular expression rewritten to avoid lookback)
- Regex generation is now done on the server, to reduce repeated logic, and make it easier to extend in plugins
- Censor tests are moved to ruby, to ensure everything works end-to-end
- If "watched words regular expressions" is enabled, warn the admin when the generated regex is invalid
This commit contains 3 features:
- FEATURE: Allow downloading watched words
This introduces a button that allows admins to download watched words per action in a `.txt` file.
- FEATURE: Allow clearing watched words in bulk
This adds a "Clear All" button that clears all deleted words per action (e.g. block, flag etc.)
- FEATURE: List all blocked words contained in the post when it's blocked
When a post is rejected because it contains one or more blocked words, the error message now lists all the blocked words contained in the post.
-------
This also changes the format of the file for importing watched words from `.csv` to `.txt` so it becomes inconsistent with the extension of the file when watched words are exported.
* FIX: ensures routin with hash doesnt stuck history
Original issue: https://meta.discourse.org/t/hash-anchor-in-url-prevents-further-url-updates/122068/4
Basically when the path has a hash, state would be null, and nothing would happen.
* Update app/assets/javascripts/discourse/lib/discourse-location.js.es6
Co-Authored-By: Régis Hanol <regis@hanol.fr>
To reproduce:
1. Visit a url in a new tab such as `/latest?order=views`
2. Click a topic link
3. Click the back button
Before this patch, you would not be sent back to the latest list.
Now, I am somewhat hesitant to delete code like this, but the [original
commit](b2b7f4d905)
explains a situation that I cannot reproduce with the code missing.
I cannot seem to keep the filters as sticky even if I try. At the very
least this is better to commit right now than the currently known broken
situation.
This is a problem that has long plagued Discourse. The root issue here
is that we have to implement our own link click handler, because
Discourse allows users to create HTML blobs of content with links, and
when those links are clicked they must be handled by the Ember router.
This always involved a certain amount of use of private Ember APIs which
of course evolved over time.
The API has more or less stabilized in the last two years, however we
have hacks in our URLs to handle a dynamic root path, depending on how
forums have set up their filters and in what order.
This patch adds a special case for the root path so we needn't update
the URL ourselves otherwise, which preserves the back button on index
routes. The update call would otherwise insert an extra history event if
a route redirected on transition, breaking the back button.
A bug where input focus is displaced on modals was fixed in iOS 11.3 update. This hack was causing problems on topic page since hiding main-outlet results in lost read position after opening and closing a modal.
* Remove long-deprecated method
* FIX: Memory Leaks when decorating posts
Previously we'd keep creating mixins dynamically when decorating the
same class.
This code changes the API to recommend an `id` parameter for each
decorator which will avoid leaks. All plugins should be updated to
include this parameter, although if they don't in the meantime it'll
just mean a warning in the console (and a continued leak.)
* FEATURE: detect theme errors and catch them
* Bump COMPILER_VERSION
* Feedback
* Override eslint no console for one line
* Can't use our ajax method
* remove emoji from translation file
This change shows a notification number besides the flag icon in the
post menu if there is reviewable content associated with the post.
Additionally, if there is pending stuff to review, the icon has a red
background.
We have also removed the list of links below a post with the flag
status. A reviewer is meant to click the number beside the flag icon to
view the flags. As a consequence of losing those links, we've removed
the ability to undo or ignore flags below a post.
This is a first step of a performance optimisation, more will follow
Previously we did not properly account for previously read topics while
"rushing" marking times on posts.
The new mechanism now avoids "rushing" sending timings to server if all
the posts were read.
Also to alleviate some server load we only "ping" the server with old timings
once a minute (it used to be every 20 seconds)
- moves footer nav to the header on iPads
- disables scrolling events for iPads
- removes footer nav entirely on Chrome PWAs
- toggles DiscourseHub iOS app status bar styling (dark/light) when opening/closing lightboxes and modals
Since enabling pinch-to-zoom in iOS (eae22548de), there was an issue with inputs: Safari auto-zooms inputs with font-size under 16px. Now zooming will be disabled while focus is on an input.
This commit also removes a) a lightbox zoom-enabling event (no longer needed) and b) a comment about iOS zoom issues.
In certain situations the detection method fails. For example, it fails
for a topic containing: a long post (~1600px height), gap, small action
(focus on this), hidden reply.
* Revert "FIX: discourse client should know about Logster (#7232)"
This reverts commit bfcbc4d2d6.
* FIX: discourse client should know about Logster (simpler approach)
