Currently, the GitHub webhook sends activity from both public and private
repositories, which could lead to unintended disclosure of sensitive
information from private repositories.
This commit introduces a ignore_private_repositories parameter to the
webhook URL. When set to true, the webhook ignore processing activity from
private repositories, ensuring that such activities are not posted to
Zulip streams. By default, if the parameter is omitted or set to false,
activities from both public and private repositories are processed
normally. This provides users with the flexibility to control the
visibility of private repository activities without altering the default
behavior.
More importantly, this introduces a cleaner mechanism for individual
incoming webhooks to declare support for settings not common to all
webhook integrations.
Fixes#31638.
During account creation when a user opted to import settings
from an existing account, the "Mark visibility_policy_banner as
read" step was raising integrity error.
It is because 'copy_onboarding_steps' is already executed earlier
in the 'do_create_user' codeflow. If the source profile had already
marked 'visibility_policy_banner' as read, we were facing integrity
error.
This commit fixes the bug.
This makes sure that the "Add" button in members panel is
not enabled if the pill input is empty, in two cases - when
the members panel is opened and also when the members panel
is live-updated due to change in permission.
We now have a grey-ish background color for the pill container
with opacity also reduced like we do for the disabled select
elements in settings.
Needed to adjust the selectors so that the CSS for disabled
state correctly overrides the CSS for enabled state.
We show "0 members" text when a group has no direct members but
has subgroups which are all empty.
The behavior for when a group has neither direct members nor
subgroups is same where we show "This group has no members".
Previously, errors were returned using Zulip's default format,
which did not match Slack's expected response structure.
This change ensures that errors in the Slack incoming webhook handler
return JSON responses in Slack's expected format: {ok: false, error:
"error string"}.
Fixes: #31878.
Unfortunately, because this migration has already been run for many
installations, we need to ship another copy of the migration.
It should be a noop when repeated.
This commit updates code to just use permission settings
list from server_supported_permission_settings data
instead of calling create_realm_group_setting_widget
individually for each setting.
Also, updated the code to create dropdown widgets to check
if only system groups are allowed or not for a setting
instead of using a hardcoded list.
Previously we disabled time limit settings for moving
messages when non-admin and non-moderators users were
not allowed move messages as the time limit does not
apply to admins and moderators. And the time limit
setting to delete messages was disabled when all the
users who were allowed to delete their own message also
had permission to delete any message since time limit
does not apply to users who were allowed to delete any
message.
Now, as we use the new UI and allow the permission
settings to be set to anonymous groups, we just do
not disable the time limit setting to avoid complexity
and we anyways mention about cases when time limit is
not applicable.
Previously the banner was always shown to admins and to users who
cannot add emoji with the banner mentioning who can add emoji.
This commit updates the code to only show the banners who cannot
add emoji irrespective of their role, and just mention that they
do not have permission without any detail about who can add.
Some of the group setting elements were not live-updated
correctly since they were not present in realm_settings
dict and sync_realm_settings is only called for settings
present in that dict.
There is no need to pass the value of group settings to
template as rendering the UI is handled in JS. This was
probably added due to the old enum value setting being
passed to the template.
All similar elements in the compose box--the channel/DM widget, the
pill container on DMs, and the compose textarea--all use a 4px
border-radius, correcting the topic box's outlier status.
html2text mangles Unicode by default, with a --unicode-snob option to
disable it. If I have to get called a “snob” for wanting to correctly
support non-English languages, then uh, I’ll take one for the team.
https://github.com/Alir3z4/html2text/blob/2024.2.26/html2text/config.py#L111-L150
Signed-off-by: Anders Kaseorg <anders@zulip.com>
Currently, Slack messages containing hyperlinks
(e.g.,<http://foo.com|Foo!>) are converted like
normal links. This commit reformats Slack
hyperlinks into Zulip-friendly markdown
(e.g., [Foo!](http://foo.com)).
Part of #32165.
Previously, the `group_id` was not returned in the success
response of the user group creation API.
This commit updates the API to return a success response
containing the unique ID of the user group with the key
`group_id`. This enhancement allows clients to easily reference
the newly created user group.
Fixes: #29686
Removed `edit_topic_policy` property, as the permission
to move messages between topcis is now controlled by
`can_move_messages_between_topics_group` setting.
This helps avoid confusion with `participant_user_ids`
which is a property of the buddy list and describes
the currently visible participants, whereas
`all_participant_ids` describes all participants,
even those hidden due to search.
Because we regularly change what we want the placeholder
text to be, as the user enters and exits search, it's simpler
to just not use `data-search-results-empty` and set up the
placeholder from the buddy list code directly. Previously we
were trying to sometimes use `data-search-results-empty` and
sometimes set it directly, which is more confusing and complex.
Sometimes we might want to re-fill the screen after collapsing
or uncollapsing a section, so it's better to fill the screen
just once after determining if we should collapse the "other
users" section. Also, this commit removes a call to
`render_section_headers()` because that's always called at the
end of `fill_screen_with_content()`.
We now use new pills UI for public and private channel
creation settings. The UI for web-public channel
creation setting is still a dropdown as we allow only
system groups for that.
The first two are equivalent because they call `closest`
and the last one is directly equivalent. We're making these
changes to aid with the conversion to typescript.
We already have the code to ignore the deactivated groups before
sending the request and show appropriate message. This commit
just adds code to not show them in the typeahead and also not
create its pill if user types the full group name.
Aditya Kumar Kasaudhan
Prakhar Pratyush
Sahil Batra
Alya Abbott
Karl Stolley
Tim Abbott
Aman Agrawal
Anders Kaseorg
PieterCK
Vector73
evykassirer