Commit Graph

17 Commits

Author SHA1 Message Date
Aman Agrawal 43578847e3 popover_menus: Remove incorrect `return`. 2022-12-06 09:58:40 -08:00
Anders Kaseorg fde9b1d366 channel: Remove idempotent retry loop.
This was added by commit 7f174213ed, and
appears to have been designed for responses that are *successful* but
falsy. Logically, these should not implicitly represent a failure to
be retried if it were.

Note from tabbott: The background is that this idempotent retry loop
was a hacky workaround for a bug we never understood but saw daily in
production. Especially during server restarts / client reloads,
something would result in 200 responses with no data being seen by the
frontend, despite the Django server not having received/processed the
request. Fortunately, this strange failure mode appears to have
stopped happening in late 2019, so we can delete this hack.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-08-19 12:14:41 -07:00
Anders Kaseorg 44767dd653 tippyjs: Avoid unsafe allowHTML API in favor of <template> elements.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-03 10:13:24 -08:00
Anders Kaseorg e090027adc CVE-2022-23656: Fix cross-site scripting vulnerability in tooltips.
An attacker could maliciously craft a full name for their account and
send messages to a topic with several participants; a victim who then
opens an overflow tooltip including this full name on the recent
topics page could trigger execution of JavaScript code controlled by
the attacker.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-01 14:26:42 -08:00
Mr.mad 22bfa56301 left sidebar: Redirect users with no stream create permissions.
Previously, when the user clicked the `Add streams` icon in the
streams list sidebar, we provided a popover offering to create or
subscribe.  This was confusing for users who did not have permission
to create streams.

Redirect users that don't have stream creation permissions
directly to browse streams without going through this popover.

Fixes: #20676.
2022-02-11 11:02:09 -08:00
Tim Abbott a6c364cdd7 left sidebar: Rename streams_inline_cog.
The icon hasn't been a cog for some time.
2022-02-11 10:58:32 -08:00
Anders Kaseorg b0ce4f1bce docs: Fix many spelling mistakes.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-07 18:51:06 -08:00
Aman Agrawal db09639f6c compose: Change UI which toggles `enter_sends` setting.
Use a popover which displays both the options instead of long text.
We only use a small text indicating the current state which user
can click on to trigger the popover.
2022-01-05 16:03:53 -08:00
Aman Agrawal aaa7150b8a compose: Move overflowing buttons to a popover.
We don't hide popover on click for formatting buttons, emoji picker and time
picker.
Emoji and time picker popovers need a reference to be displayed,
hence we don't hide them.
Not hiding formatting buttons is based on past discussion.

The current instance of compose popover is stored locally
so that we can access it across different modules.

The basic approach for hiding / displaying a button is based on
width and is executed at `sm` breakpoint as per our
`css_variables.js`.
Used handlebars and `hide/show-sm` css class to make this
work. This avoids using too much JS to hide/display elements.
2021-12-02 15:11:15 -08:00
Aman Agrawal b5f662c646 popover_menus: Extract common onShow methods. 2021-12-02 15:11:15 -08:00
Sahil Batra dcd6da0351 misc: Replace "night" and "day" with "dark" and "light".
This commit replaces "night" and "day" used in the context
of themes with "dark" and "light".
2021-11-26 22:03:29 -08:00
Sahil Batra 25ba96488d settings: Add frontend part for create_web_public_stream_policy.
This commit has the following changes -

- Adds dropdown for changing create_web_public_stream_policy and this
dropdown is visible only if settings.WEB_PUBLIC_STREAMS_ENABLED and
enable_spectator_access is set to True. This dropdown is live-udpated
on changing enable_spectator_access setting.

- The web-public stream option in stream creation form and stream privacy
modal is hidden if one of settings.WEB_PUBLIC_STREAMS_ENABLED or
enable_spectator_access is set to False except in stream privacy modal
when the stream is already web-public so that the user is not confused by
none of the options being selected.

- We disable the web-public stream option in stream creation form and
in stream-privacy modals of stream which are not already web-public
when the user is not allowed to create web-public streams as per
create_web_public_stream_policy setting.

- We use on_show parameter to hide or disable the options in stream-privacy
modal because we use the visible property of element to remove the bottom
border from last element in the stream-privacy choices and thus we have
to wait for the modal to be visible.

Fixes #20287.  Fixes #20296.
2021-11-23 13:48:43 -08:00
Aman Agrawal 59a62573ed popover_menus: Simplify check for any active popovers. 2021-11-10 09:12:23 -08:00
Ganesh Pawar fa928d5cd1 streams: Split setting for stream creation policy.
Users wanted a feature where they could specify
which users can create public streams and which users can
create private streams.

This splits stream creation code into two parts,
public and private stream creation.

Fixes #17009.
2021-10-01 10:26:42 -07:00
Tim Abbott c705b7d5dd popover_menus: Add some comment documentation. 2021-06-18 17:25:45 -07:00
Aman Agrawal fa2825eaa0 popover_menus: Extract common popover properties to be reused. 2021-06-18 17:13:20 -07:00
Aman Agrawal 182f47b7c6 popover_menus: Extract popovers using tippy in a separate module. 2021-06-18 17:13:20 -07:00