Commit Graph

16 Commits

Author SHA1 Message Date
m-e-l-u-h-a-n 0d3f229283 popovers: Add filter widget for stream list in profile modal. 2021-07-01 14:30:30 -07:00
m-e-l-u-h-a-n 995048c4bc popovers: Add header to stream list in profile popover. 2021-07-01 14:30:06 -07:00
sahil839 bb816e1998 settings: Separate "Your account" section in two different sections.
We separate "Your account" section to two different sections -
"Profile" section for user name, custom profile fields, and avatar
and "Account & Security" section for email, password, role, api-key
and deactivating button.

Another important change here is that the modal for changing name
is removed and now the name has a simple input text box and it
behaves similar to inputs for custom-profile-fields.

Fixes #18848.
2021-06-30 16:56:03 -07:00
m-e-l-u-h-a-n c6f8b9d807 profile: Add unsubscribe button in user profile modal.
We add unsubscribe button in the stream list that allows
users and admins to unsubscribe them using profile modal.

If a user attempts to unsubscribe from a private stream
we redirect them to do so from stream setting overlay
to avoid a really confusing user experience as we ask
for confirmation before unsubscribing such streams.
2021-06-30 15:17:26 -07:00
m-e-l-u-h-a-n 14f46a831d popovers: Add data-user-id in user profile modal. 2021-06-29 16:50:04 -07:00
m-e-l-u-h-a-n e10a315efd temaplate: Separate stream and user group tabs in user profile modal.
We had stream and group tab inside a common div with class
`subscription-group-list` due to this adding any info
elements like alert boxes that were specific to one of them
became difficult. To fix this we keep them in their own
`.tabcontent` div. This change also makes the handling of
display of different tabs a lot easier and cleans
up unnecessary javascript code that was handling the
display of common parent div of stream and group tab.
2021-06-23 08:08:23 -07:00
m-e-l-u-h-a-n 775b8eb05f template: Correct sequence of stream and group tab.
We show stream tab before user-group tab but in the template
this order was reversed that created confusion while editing
any one of them. So we correct their order in the template
to reflect the order we show in UI.
2021-06-23 08:08:23 -07:00
Tim Abbott 420500ab25 user_profile_modal: Fix duplicate 'Last active' notice.
This fixes a regression in 16bd6e6b1d
that caused the user profile modal to display "Last active: Last active: ...".

I'm not convinced these are the best visuals, but the whole modal
needs a visual refresh.
2021-06-11 07:59:59 -07:00
m-e-l-u-h-a-n b080417960 popovers: Add tabs for profile, groups and streams in user_info modal.
Fixes: #16233.

Co-authored-by: Abhirup Pal <abhiruppalmethodist@gmail.com>
2021-06-11 07:56:32 -07:00
Anders Kaseorg dd3fa4ac52 templates: Mark all void tags as self-closing.
This reverses the policy that was set, but incompletely enforced, by
commit 951514dd7d.  The self-closing tag
syntax is clearer, more consistent, simpler to parse, compatible with
XML, preferred by Prettier, and (most importantly now) required by
FormatJS.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-04-21 09:49:34 -07:00
Anders Kaseorg 5fed442bb1 templates: Remove context argument from {{#tr}} block helper.
It only had one nontrivial use, and it’s easily replaced using the
builtin {{#with}} block helper.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-04-13 18:59:46 -07:00
Tim Abbott a2767e8c50 CVE-2020-14194: Use noopener/noreferrer for external links.
We fixed the main issue of this form in CVE-2020-9444, but the audit
done at that time only included links found in rendered_markdown; this
change completes our audit for links with target=_blank anywhere in
the codebase.
2020-06-16 23:35:39 -07:00
Tim Abbott 4fff858aa2 templates: Fix missing quoting of attributes in HTML templates.
This fixes a bundle of issues where we were missing "" around
attributes coming from variables.  In most cases, the variables were
integers or fixed constants from the Zulip codebase (E.g. the name of
an installed integration), but in at least one case it was
user-provided data that could potentially have security impact.
2020-06-16 23:35:39 -07:00
Anders Kaseorg 68cfcd6446 CVE-2020-9444: Prevent reverse tabnabbing attacks.
While we could fix this issue by changing the markdown processor,
doing so is not a robust solution, because even a momentary bug in the
markdown processor could allow cached messages that do not follow our
security policy.

This change ensures that even if our markdown processor has bugs that
result in rendered content that does not properly follow our policy of
using rel="noopener noreferrer" on links, we'll still do something
reasonable.

Co-authored-by: Tim Abbott <tabbott@zulipchat.com>
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-01 14:01:45 -07:00
vinitS101 a82ad468f9 user status: Change Last online to Last active.
Change "Last online" to "Last active" in the full user profile.
2019-08-07 16:20:19 -07:00
Anders Kaseorg 3c3471b720 templates: Rename *.handlebars ↦ *.hbs and - ↦ _.
Tweaked by tabbott to avoid accidentally disabling the linter for
handlebars templates.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-07-12 21:11:03 -07:00