Commit Graph

5510 Commits

Author SHA1 Message Date
Shubham Padia 6e9d56eaf4 user_groups: Check permission to manage groups based on group setting.
We also add exception for the group creator to manage groups. See
https://chat.zulip.org/#narrow/stream/3-backend/topic/Group.20creation.20-.20who.20can.20change.20the.20setting.2E/near/1943861
for more details. For the tests, wherever possible, we've just added an
acting_user when creating a group to test.
We've also added an acting_user argument to create_user_group_for_test.
We will not remove `user_group_edit_policy` yet. That will be removed
once we have introduced this setting to the frontend.
2024-10-01 17:35:14 -07:00
Vector73 66113365a5 saved_snippets: Add new feature for saved snippets.
Fixes #31227.
2024-10-01 11:48:15 -07:00
Anders Kaseorg 2440c6d244 electron_bridge: Harden against hypothetical DOM clobbering attacks.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-09-30 16:31:27 -07:00
evykassirer 471d042a11 message_notifications: Convert module to typescript. 2024-09-30 12:07:27 -07:00
Anders Kaseorg d5bc3421fc install-tusd: Be careful to match the complete version line.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-09-26 09:26:34 -07:00
Anders Kaseorg 5a978edf40 install-aws-server: Fix SC2206 violation.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-09-24 23:05:39 -07:00
Anders Kaseorg 0cc6421118 install-transifex-cli: Upgrade Transifex CLI from 1.6.16 to 1.6.17.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-09-24 20:51:24 -07:00
evykassirer af915523a7 message_view: Convert module to typescript. 2024-09-24 15:43:27 -07:00
Vlad Korobov edef41ca32 portico: hello images are always x2 size 2024-09-24 14:19:48 -07:00
Alya Abbott 1767fac1d1 portico: Add per file upload limit to feature comparison table. 2024-09-23 14:37:48 -07:00
Varun Singh 7302499485 message_list_hover: Convert module to TypeScript. 2024-09-20 18:24:49 -07:00
evykassirer deb5d90941 message_list: Convert module to typescript. 2024-09-19 15:31:16 -07:00
Alex Vandiver 818c30372f upload: Use tusd for resumable, larger uploads.
Currently, it handles two hook types: 'pre-create' (to verify that the
user is authenticated and the file size is within the limit) and
'pre-finish' (which creates an attachment row).

No secret is shared between Django and tusd for authentication of the
hooks endpoints, because none is necessary -- tusd forwards the
end-user's credentials, and the hook checks them like it would any
end-user request.  An end-user gaining access to the endpoint would be
able to do no more harm than via tusd or the normal file upload API.

Regardless, the previous commit has restricted access to the endpoint
at the nginx layer.

Co-authored-by: Brijmohan Siyag <brijsiyag@gmail.com>
2024-09-19 11:37:29 -07:00
Aman Agrawal 6f094f0350 test_backend: For serial mode for stripe fixture generation.
It is important for stripe fixtures to be generated in serial
mode so that customer and event data doesn't overflow between
tests.
2024-09-19 11:26:21 -07:00
Sahil Batra 2fff124ec9 settings: Add new module to handle pills for group settings.
This commit creates a new module similar to add_subscribers_pill
for handling the pill widget to be used for group settings.
2024-09-19 09:08:33 -07:00
Anders Kaseorg 97ffccb45f reload: Convert module to TypeScript.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-09-18 15:31:41 -07:00
Lauryn Menard 52bc47a870 activity: Add view for a remote server's audit logs.
Links to the audit log view via the remote support view in the
remote server information section after the user counts.
2024-09-17 09:34:17 -07:00
Tim Abbott 3514cbd7e8 renumber-migrations: Avoid crashing with squashed migrations. 2024-09-13 18:44:58 -07:00
evykassirer e41e365085 message_list_view: Convert module to typescript. 2024-09-11 14:59:31 -07:00
Alex Vandiver 38053e9c7c emoji: Convert spritesheets to webp.
This provides significant size savings:

| Emoji set   | png size | webp size | webp/png percent |
| ----------- | -------- | --------- | ---------------- |
| google-blob |  1968954 |   1373350 |           69.75% |
| twitter     |  2972820 |   2149672 |           72.31% |
| google      |  3455270 |   2327834 |           67.37% |

Since these are the largest assets that we ship to clients, it is
worth shaving off every byte we can.
2024-09-11 09:03:47 -07:00
Alex Vandiver a2517e1115 build-emoji: Reorganize /srv/zulip-emoji-cache.
This more explicitly splits out the files bound for web/generated/ from
those bound for static/generated/.
2024-09-11 09:03:47 -07:00
opmkumar 719518baba popovers: Add stream-info-popover when channel pill is clicked.
Shows a stream info popover whenever a channel pill is clicked (such
as in the pill widgets for adding subscribers to a channel or
invitations). The stream info popover contains channel icon and name,
channel description and a link to channel settings.

Fixes #30567.
2024-09-10 16:16:53 -07:00
Varun Singh d6c34f64dd tests: Use `make_user` & `make_bot` to create test user & bot. 2024-09-10 16:02:35 -07:00
Aman Agrawal 5b9a2584c5 message_list_data_cache: Cache MessageListData objects.
We start caching MessageListData objects for the narrows which
user has visited. We restore the cached objects if the filters
match. Also, the cached objects are updated based on events. One
major piece is update path the is pending implementation is the
message move code path.
2024-09-10 15:58:15 -07:00
joseph 5d3edf06c8 message_edit: Ask users to delete attachments after editing.
currently, after a user edits a message and removes an reference to the
uploaded file, the uploaded file stays on the storage taking up space.
We want to ask the user to possibly delete the removed attachments if
they are no longer needed. These changes applies a modal that will appear
prompting the user to delete the attachments.

Fixes: #25525.

Co-authored-by: brijsiyag
Co-authored-by: wandrew0
2024-09-06 11:40:51 -07:00
Kenneth Rodrigues dc32396180 endpoints: Remove the has_request_variables decorator.
All endpoints have been migrated to the typed_endpoint decorator,
therefore the has_request_variables decorator and the REQ function are
no longer needed and have been removed.
2024-09-05 16:02:12 -07:00
Anders Kaseorg 91ade25ba3 python: Simplify with str.removeprefix, str.removesuffix.
These are available in Python ≥ 3.9.
https://docs.python.org/3/library/stdtypes.html#str.removeprefix

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-09-03 12:30:16 -07:00
Anders Kaseorg 8b147d92a8 apt-repos: Use PGroonga binaries on Ubuntu 24.04.
These did not exist when we first added Ubuntu 24.04 support; now they
do.  Fixes #31261.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-08-29 16:04:44 -07:00
Alex Vandiver df91cdf333 thumbnail: Backfill ImageAttachment rows.
We previously used the file extension to determine if we should
attempt to inline an image.  After b42863be4b, we rely on the
existence of ImageAttachment rows to determine if something is an
image which can be viewed inline.  This means that messages
containing files uploaded before that commit, when (re-)rendered, will
be judged as not having inline'able images.

Backfill all of the ImageAttachment rows for image-like file
extensions.  We are careful to only download the bytes that we need in
the image headers, to minimize bandwidth from S3 in the event that the
S3 backend is in use.  We do _not_ produce thumbnails for the images
during this migration; see the subsequent commit.

Because this migration will be backported to 9.x, it is marked as only
depending on the last migration in `9.x`, with a subsequent merge
migration into the tip of `main`.
2024-08-29 12:11:51 -07:00
Lauryn Menard d54ca85de2 activity: Add view to see the ledger entries for a customer plan.
Adds a link to the plan ledger view in the current plan information
shown in the support views. Link is not shown if the plan is 100%
sponsored, e.g., the Community plan.

Adds a formatted header area to the activity table template so
that it's easy to add useful information to these activity views.
2024-08-28 14:12:36 -07:00
Anders Kaseorg ed63a40184 install-transifex-cli: Upgrade Transifex CLI from 1.6.14 to 1.6.16.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-08-26 14:17:05 -07:00
Anders Kaseorg b0170fc306 install-shfmt: Upgrade shfmt from 3.8.0 to 3.9.0.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-08-26 14:17:05 -07:00
Anders Kaseorg d67831ba4b run-dev: Remove unnecessary compress=False for aiohttp.
This seems to have been unnecessary since aiohttp 2, and now causes a
type error.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-08-24 19:44:38 -07:00
Tim Abbott f4d98b03d5 migrations: Squash zerver migrations.
This has the impact of making rebuilding the database in a Zulip
development environment, or initializing a new production database,
dramatically faster.

This was generated by merging the output of `manage.py makemigrations`
with an empty migration.

Tested using `tools/rebuild-test-database` before and after this
change, and comparing the output of `pg_dump -d zulip_test` using
Git's diff comparison algorithm. Differences in that SQL dump include:

- The actual generated table contents, due to timestamps and the like;
  this is expected and unrelated to schema.

- Orders of fields within tables, which is not significant in SQL.

- IDs assigned to tables in the ContentType table, which is expected
  and not a problem with how that Django table is designed.

- Names of generated indexes and constraints; modern Django seems to
  abbreviate long names differently for these, and it's not obviously
  possible to configure those used by the `db_index` property. If
  necessarily, likely this can be converged via a migration filled
  with `IF EXISTS` rename operations like the one done in
  zerver/migrations/0246_message_date_sent_finalize_part2.py.

- Names of the ~3 sequences related to renamed tables:
  usertopic/mutedtopic, botconfigdata/botuserconfigdata,
  realmdomain/realmalias. Probably there's no action required here,
  but we could do rename operations if desired.
2024-08-23 17:15:35 -07:00
afeefuddin f013eb1037 message_fetch: Convert module to TypeScript. 2024-08-23 13:34:13 -07:00
afeefuddin 17e2d46760 message_store: Rewrite RawMessage type using Zod.
This commit rework RawMessage and it's related type to use
Zod for parsing the data received from the server.
2024-08-23 13:34:13 -07:00
Varun Singh f148a7a3ed popover_menus_data: Convert module to TypeScript. 2024-08-23 13:10:50 -07:00
Varun Singh 2cf09602df todo_widget: Convert module to TypeScript. 2024-08-23 12:30:27 -07:00
afeefuddin be9d879682 settings_bots: Convert module to TypeScript. 2024-08-21 08:28:40 -07:00
Kenneth Rodrigues 86bf0d3ea3 decorators: Migrate to typed_endpoint.
Modify `semgrep-py.yml` to treat arguments after `*args` as
keyword-only arguments.
2024-08-20 10:15:30 -07:00
Alex Vandiver 64516ab9f4 install-aws-server: Output tsh ssh command, not ssh. 2024-08-20 10:04:40 -07:00
Alex Vandiver a5a898ba21 install-aws-server: Switch to 24.04. 2024-08-20 10:04:37 -07:00
Alex Vandiver 3adedc9545 install-aws-server: Set the name of the root EBS volume. 2024-08-20 10:03:59 -07:00
evykassirer b1198785be message_edit: Convert module to typescript. 2024-08-19 16:33:04 -07:00
Vector73 80969a62e6 settings: Add `can_delete_any_message_group` setting.
Fixes #30717.
2024-08-15 12:03:49 -07:00
Varun Singh d8dd682944 echo: Convert module to TypeScript. 2024-08-13 09:37:35 -07:00
Varun Singh f5d71fa320 server_message: Remove from `EXEMPT_FILES`. 2024-08-13 09:37:35 -07:00
afeefuddin 19b85eb600 user_profile: Convert module to TypeScript. 2024-08-12 09:40:33 -07:00
Shubham Padia 72f7a13346 tools: Add option for help center dev server.
Fixes #30451.
In a case that both `--help-center` and `--help-center-dev-server`
flags are passed to `run-dev`, `--help-center` flag will take
precedence without throwing any error.
2024-08-02 18:18:01 -07:00
Shubham Padia 7dfe68e0a2 run-dev: Add option to host help center with starlight.
We also add a script called `build-help-center` that is required
to build the starlight documentation. If the `help-beta/dist` dir
is not present, `run-dev` will show an error message but will not
fail.
2024-08-02 18:18:01 -07:00