In this commit:
Two new URLs are added, to make all realms accessible for server
admins. One is for the stats page itself and another for getting
chart data i.e. chart data API requests.
For the above two new URLs corresponding two view functions are
added.
This doesn't look amazing, but it's better than not linking to the
blog, and adding a 6th line both makes the footer excessive and also
breaks some styling in pages like /login that assume a fixed footer
height.
This was stored as a fixture file under zerver/fixtures, which caused
problems, since we don't show that directory under production (as its
part of the test system).
The simplest emergency fix here would be to just move the file, but
when looking at it, it's clear that we don't need or want a fixture
file here; we want a Python object, so we just do that.
A valuable follow-up improvement to this block would be to create an
actual new Realm object (not saved to the database), and dump it the
same code we use in the export tool; that should handle the vast
majority of these correctly.
Fixes#9123.
There was really no reason for this to be a nested function, since
we weren't closing on any variables. Flatter is better. Also, it
is plausible that folks will want more control over creating
individual jQuery elements (but still want this helper).
This is a first pass at fixing node docs. This commit eliminates
some text that is either obsolete or just overly confusing, and
it fixes some of the code samples to reflect how the API has
evolved in the last couple years. We also prominently tell
you how to run the tests.
We now allow you to run --coverage on individual files. This helps
when you want to make sure a file is being covered directly and not
just getting incidental coverage from higher level tests.
Before this commit, we were conflating wanting coverage reports with
wanting coverage checks. For individual files, we now solve that by
simply eliminating the coverage checks. This required some minor
refactoring to extract some functions.
I don't think anybody ever really used this feature, which I
developed but don't even use myself. It kind of runs counter
to the minimalist approach of the rest of node tests.
I would eventually like to re-think the template tests altogether.
They're slow, and we could solve that somewhat by replacing
jsdon/jquery with an HTML parser library to verify structural
things.
It's also possible that we can just rely on our template linters
to catch the biggest class of errors (malformed tags) and let
code review do the rest.
And it's also possible that we should make a second attempt to
ramp up tooling on making it easy to verify templates, but it
doesn't have to be part of the node tests. If we did that, we
would also potentially use tooling for Python-side templates.
This node test module is intended as a way for somebody to
quickly immerse themselves in our node testing methodologies,
plus it has the nice side effect of introducing several modules
(albeit very briefly).
A few things here:
* Use _.each to follow our convention.
* Just use new locals to avoid overwriting template and
avoid strange Object.assign hack.
* Just use simple string concatenation.
* Use better var names: full_name, shortcut
* Use chaining syntax.
This logging was apparently broken when sorting imports; it's a fairly
unique thing in our codebase that this would be a problem. Prevent
future regressions by adding this exception explicitly to the isort
configuration.
Our recent addition of Content-Security-Policy to the file uploads
backend broke in-browser previews of PDFs.
The content-types change in the last commit fixed loading PDFs for
most users; but the result was ugly, because e.g. Chrome would put the
PDF previewer into a frame (so there were 2 left scrollbars).
There were two changes needed to fix this:
* Loading the style to use the plugin. We corrected this by adding
`style-src 'self' 'unsafe-inline';`
* Loading the plugin. Our CSP blocked loading the PDf viewer plugin.
To correct this, we add object-src 'self', and then limit the
plugin-type to just the one for application/pdf.
We verified this new CSP using https://csp-evaluator.withgoogle.com/
in addition to manual testing.
Previously, user-uploaded PDF files were not properly rendered by
browsers with the local uploads backend, because we weren't setting
the correct content-type.
Cynthia Lin
Tim Abbott
Rishi Gupta
Akash Nimare
Shubham Dhama
Greg Price
Steve Howell
Aditya Bansal
Vishnu Ks