Commit Graph

537 Commits

Author SHA1 Message Date
Prakhar Pratyush c5b3d2e434 custom_check: Add rule to avoid creating savepoints.
This commit adds a custom rule to check python files
and raise lint error if they have transaction.atomic used
without any argument or savepoint=True is used.

It helps to avoid creating unintended savepoints in the future.
2024-11-21 14:55:15 -08:00
Anders Kaseorg 687f1b1651 tests: Rename the Node tests to *.cjs.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-11-13 09:18:56 -08:00
Lauryn Menard 3e3ca26aae docs: Update keyboard shortcuts to always show "Fn" key option.
Previously, these were only shown for Mac OS users and replaced
the "Home", "End", "PgUp" and "PgDn" shortcuts. But as this really
depends on the keyboard the user is using (there are Mac keyboards
with the above keys), we instead show both options in our web app
and help center documentation on keyboard shortcuts.

The tooltip for the "Scroll to bottom" button will now always show
"End" for all users. Previously, it showed a "Fn" key option for
Mac users.

Fixes #31815.
2024-10-14 15:14:10 -07:00
Kenneth Rodrigues dc32396180 endpoints: Remove the has_request_variables decorator.
All endpoints have been migrated to the typed_endpoint decorator,
therefore the has_request_variables decorator and the REQ function are
no longer needed and have been removed.
2024-09-05 16:02:12 -07:00
Varun Singh 8570cd81b1 message_events_util: Convert module to TypeScript. 2024-07-31 14:33:11 -07:00
Anders Kaseorg edf34ada63 util: Rename clean_user_content_links to postprocess_content.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-07-23 13:26:37 -07:00
Varun Singh 884317e407 server_message: Create zod schema to parse message recieved from server.
The commit creates a `server_message.ts` module which
will home our `zod` schema for the messages received
from server. We can then import the schema to parse
the data in needed modules at the API boundaries.
This will also help us write better tests.
2024-07-15 13:55:13 -07:00
Anders Kaseorg e08a24e47f ruff: Fix UP006 Use `list` instead of `List` for type annotation.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-07-13 22:28:22 -07:00
Sayam Samal 60d1993ed8 user_card_popover: Redesign popover using the new `popover-menu` theme.
As part of the popover menu redesign, this commit redesigns the user
card popover using the new "popover-menu" tippy theme and improves
accessibility by using appropriate ARIA attributes.
2024-07-12 13:03:40 -07:00
Lauryn Menard 3410584094 linter: Add check for comma after "e.g." in md files.
Adds a linter rule for markdown files so that new cases of "e.g."
without a comma wont be introduced to user-facing documentation.

Fixes the remaining cases of "e.g." in markdown files that are not
followed by a comma.
2024-07-05 15:36:24 -07:00
Prakhar Pratyush 0d59ff8c96 docs: Remove 'Hotspots' subsystem doc.
We no longer have 'Hotspots' to introduce users
to important UI elements.

We now use one time banners for it.
2024-06-18 09:39:50 -07:00
Shubham Padia a98363fe36 help: Do not allow autolinks for help center docs.
mdxjs does not allow autolinks.
See https://github.com/mdx-js/mdx/issues/1049.
We also added a linter check for the same.
Preparatory commit for #30451.
2024-06-17 09:27:19 -07:00
evykassirer 28107eb913 message_helper: Be more explicit about converting subject to topic. 2024-05-29 16:45:36 -07:00
Aman Agrawal 7203661d99 support: Set discounted price instead percentage for customers.
This allows us to set the price of a plan exactly as discussed with
the customer.
2024-05-16 02:18:43 -07:00
Alex Vandiver 5654d051f7 worker: Split into separate files.
This makes each worker faster to start up.
2024-04-16 23:00:02 -07:00
Alex Vandiver 57ff573535 topic: Move sqlalchemy methods into their own file.
Loading sqlalchemy can take a significant amount of time, so splitting
these into these own file can be a significant startup-time savings.
2024-04-16 09:48:11 -07:00
Anders Kaseorg 8fb1117cef eslint: Fix no-jquery/no-append-html errors that need test changes.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-04-04 10:11:57 -07:00
afeefuddin da80afd6f4 lightbox: Convert module to TypeScript. 2024-03-28 13:56:56 -07:00
evykassirer babe525b5c linter: Add _html as a variable name for safe html. 2024-03-11 09:56:18 -07:00
Lauryn Menard 1f72ab5133 remote-support: Show active billing user emails. 2024-02-23 13:21:54 -08:00
Alex Vandiver b23d90ed62 puppet: Rename puppet/zulip_ops to puppet/kandra.
This makes for easier tab-completion, and also is a bit more explicit
about the expected consumer.
2024-02-06 17:56:27 -08:00
Lauryn Menard 12ec133224 templates: Move billing templates to /templates/corporate/billing. 2024-01-30 10:06:48 -08:00
Lauryn Menard 916892e437 templates: Move support templates to /templates/corporate/support.
Also, makes small updates to `next_plan_forms_support.html`.
Removes unneeded "btn" and "btn-default" classes, and updates
the placeholder text for the input as not marked for translation.
2024-01-30 10:06:48 -08:00
Lauryn Menard efd0d689fc templates: Move activity templates to /templates/corporate/activity.
Also, renames `ad_hoc_query.html` to `activity_table.html`,
`realm_summary_table.html` to `installation_activity_table.html`,
and `activity_details_template.html` to `activity.html`.

Removes the style attribute in the installation activity template
and uses a CSS class, "installation-activity-header", to center the
h3 and p tags instead. This removes an exception from the custom
lint check.
2024-01-30 10:06:48 -08:00
nimishmedatwal 5e2d620d9f help: Add installation through Flathub.
Fixes #28508
2024-01-26 09:07:38 -08:00
Karl Stolley a37354f92a corporate: Add a Basic plan. 2023-12-20 23:09:21 -08:00
evykassirer 24dc2e783d message_store: Migrate message_store to typescript. 2023-12-17 09:43:47 -08:00
Anders Kaseorg e601d0ae7c models: Rename zerver/models.py to zerver/models/__init__.py.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-12-16 22:08:44 -08:00
Lauryn Menard 6621de6f07 analytics: Add copy email button for remote server support view. 2023-12-03 14:27:07 -08:00
Aman Agrawal b5b7fc9957 billing: Use navbar used in login/help pages. 2023-11-10 05:17:52 +05:30
Aman Agrawal 073d9bf3c9 custom_check: Exclude billing pages from translation check. 2023-11-06 14:55:14 -08:00
Alex Vandiver a21971ceae config_error: Split error pages into their own pages.
This is much easier to maintain than a giant set of if statements.
2023-10-11 17:13:01 -07:00
Aman Agrawal 75826d8409 handlebars: Move popover handlebars to a new popovers folder.
Organize related handlebars in a new folder together.
2023-10-05 08:19:49 -07:00
Aman Agrawal 3415a6898c user_card_popover: Rename `_title` suffix to `_avatar`. 2023-10-05 08:19:49 -07:00
Mateusz Mandera f71e2c8247 support: Add basic support endpoint for remote servers. 2023-10-04 16:55:47 -07:00
Prakhar Pratyush 58568a60d6 settings: Add automatically follow and unmute topics policy settings.
This commit adds two user settings, named
* `automatically_follow_topics_policy`
* `automatically_unmute_topics_in_muted_streams_policy`

The settings control the user's preference on which topics they
will automatically 'follow' or 'unmute in muted streams'.

The policies offer four options:
1. Topics I participate in
2. Topics I send a message to
3. Topics I start
4. Never (default)

There is no support for configuring the settings through the UI yet.
2023-10-04 13:04:29 -07:00
Anders Kaseorg acd0c5568a corporate: Remove Twitter third-party JavaScript and branding.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-09-21 08:53:37 -07:00
Daniil Fadeev d89cd1e241 user_card_popover: Rename Handlebars templates.
List of renamed templates:
`user_info_popover_content` -> `user_card_popover_content`
`user_info_popover_manage_menu` -> `user_card_popover_manage_menu`
`user_info_popover_title` -> `user_card_popover_title`
2023-09-15 12:24:00 -07:00
Anders Kaseorg 31b5879242 docs: Remove obsolete mentions of reStructuredText.
Commit b53e676860 (#19600) removed the
last of our reST.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-09-09 01:56:16 -07:00
Zixuan James Li f4caf9dd79 api: Add new typed_endpoint decorators.
The goal of typed_endpoint is to replicate most features supported by
has_request_variables, and to improve on top of it. There are some
unresolved issues that we don't plan to work on currently. For example,
typed_endpoint does not support ignored_parameters_supported for 400
responses, and it does not run validators on path-only arguments.

Unlike has_request_variables, typed_endpoint supports error handling by
processing validation errors from Pydantic.

Most features supported by has_request_variables are supported by
typed_endpoint in various ways.

To define a function, use a syntax like this with Annotated if there is
any metadata you want to associate with a parameter, do note that
parameters that are not keyword-only are ignored from the request:
```
@typed_endpoint
def view(
    request: HttpRequest,
    user_profile: UserProfile,
    *,
    foo: Annotated[int, ApiParamConfig(path_only=True)],
    bar: Json[int],
    other: Annotated[
        Json[int],
        ApiParamConfig(
            whence="lorem",
            documentation_status=NTENTIONALLY_UNDOCUMENTED
        )
    ] = 10,
) -> HttpResponse:
    ....
```

There are also some shorthands for the commonly used annotated types,
which are encouraged when applicable for better readability and less
typing:
```
WebhookPayload = Annotated[Json[T], ApiParamConfig(argument_type_is_body=True)]
PathOnly = Annotated[T, ApiParamConfig(path_only=True)]
```

Then the view function above can be rewritten as:
```
@typed_endpoint
def view(
    request: HttpRequest,
    user_profile: UserProfile,
    *,
    foo: PathOnly[int],
    bar: Json[int],
    other: Annotated[
        Json[int],
        ApiParamConfig(
            whence="lorem",
            documentation_status=INTENTIONALLY_UNDOCUMENTED
        )
    ] = 10,
) -> HttpResponse:
    ....
```

There are some intentional restrictions:
- A single parameter cannot have more than one ApiParamConfig
- Path-only parameters cannot have default values
- argument_type_is_body is incompatible with whence
- Arguments of name "request", "user_profile", "args", and "kwargs" and
  etc. are ignored by typed_endpoint.
- positional-only arguments are not supported by typed_endpoint. Only
  keyword-only parameters are expected to be parsed from the request.
- Pydantic's strict mode is always enabled, because we don't want to
  coerce input parsed from JSON into other types unnecessarily.
- Using strict mode all the time also means that we should always use
  Json[int] instead of int, because it is only possible for the request
  to have data of type str, and a type annotation of int will always
  reject such data.

typed_endpoint's handling of ignored_parameters_unsupported is mostly
identical to that of has_request_variables.
2023-09-08 08:20:17 -07:00
Lalit Kumar Singh 4f3a971e64 ts: Migrate `channel.js` module to TypeScript. 2023-08-28 09:19:07 -07:00
Zixuan James Li a081428ad2 user_groups: Make locks required for updating user group memberships.
**Background**

User groups are expected to comply with the DAG constraint for the
many-to-many inter-group membership. The check for this constraint has
to be performed recursively so that we can find all direct and indirect
subgroups of the user group to be added.

This kind of check is vulnerable to phantom reads which is possible at
the default read committed isolation level because we cannot guarantee
that the check is still valid when we are adding the subgroups to the
user group.

**Solution**

To avoid having another transaction concurrently update one of the
to-be-subgroup after the recursive check is done, and before the subgroup
is added, we use SELECT FOR UPDATE to lock the user group rows.

The lock needs to be acquired before a group membership change is about
to occur before any check has been conducted.

Suppose that we are adding subgroup B to supergroup A, the locking protocol
is specified as follows:

1. Acquire a lock for B and all its direct and indirect subgroups.
2. Acquire a lock for A.

For the removal of user groups, we acquire a lock for the user group to
be removed with all its direct and indirect subgroups. This is the special
case A=B, which is still complaint with the protocol.

**Error handling**

We currently rely on Postgres' deadlock detection to abort transactions
and show an error for the users. In the future, we might need some
recovery mechanism or at least better error handling.

**Notes**

An important note is that we need to reuse the recursive CTE query that
finds the direct and indirect subgroups when applying the lock on the
rows. And the lock needs to be acquired the same way for the addition and
removal of direct subgroups.

User membership change (as opposed to user group membership) is not
affected. Read-only queries aren't either. The locks only protect
critical regions where the user group dependency graph might violate
the DAG constraint, where users are not participating.

**Testing**

We implement a transaction test case targeting some typical scenarios
when an internal server error is expected to happen (this means that the
user group view makes the correct decision to abort the transaction when
something goes wrong with locks).

To achieve this, we add a development view intended only for unit tests.
It has a global BARRIER that can be shared across threads, so that we
can synchronize them to consistently reproduce certain potential race
conditions prevented by the database locks.

The transaction test case lanuches pairs of threads initiating possibly
conflicting requests at the same time. The tests are set up such that exactly N
of them are expected to succeed with a certain error message (while we don't
know each one).

**Security notes**

get_recursive_subgroups_for_groups will no longer fetch user groups from
other realms. As a result, trying to add/remove a subgroup from another
realm results in a UserGroup not found error response.

We also implement subgroup-specific checks in has_user_group_access to
keep permission managing in a single place. Do note that the API
currently don't have a way to violate that check because we are only
checking the realm ID now.
2023-08-24 17:21:08 -07:00
Sahil Batra ba00907946 bots: Re-parent bot while reactivating if original owner is deactivated.
Since the original owner is deactivated, we change the owner to the
admin who is reactivating the bot.
2023-08-16 15:37:37 -07:00
Zixuan James Li c9a299a8f8 validators: Split out test_validators. 2023-08-11 16:43:12 -07:00
Alex Vandiver def6bf17eb tests: Split out missed_message email tests. 2023-08-09 15:49:49 -07:00
Zixuan James Li 000761ac0c realm_playgrounds: Replace url_prefix with url_template.
Dropping support for url_prefix for RealmPlayground, the server now uses
url_template instead only for playground creation, retrieval and audit
logging upon removal.

This does the necessary handling so that url_template is expanded with
the extracted code.

Fixes #25723.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2023-07-24 17:40:59 -07:00
Anders Kaseorg 7e811ea1bd custom_check: Remove checks for deleted ui_report aliases.
They were deleted in commit 2d52463b61.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-06-09 16:46:57 -07:00
Lauryn Menard 4fcb243769 api-docs: Standardize on lowercase true, false and null.
Creates a custom linter rule for `zerver/openapi/zulip.yaml` to
only allow lowercase versions of "true", "false" and "null".

Updates existing documentation for new rules.
2023-05-16 12:31:03 -07:00
Aman Agrawal c0ef1c360a message_send: Edit scheduled message if its ID is present.
If the ID of the scheduled message is passed by the client, we
edit the existing scheduled message instead of creating a new one.

However, this will soon be moved into its own API endpoint.
2023-04-14 17:38:37 -07:00
Tim Abbott 1d2cf734f3 lint: Limit JS assert rule to web/tests. 2023-04-14 12:26:33 -07:00