Commit Graph

52899 Commits

Author SHA1 Message Date
neiljp (Neil Pilgrim) 53da9ef072 api-changelog: Clarify change in behavior at feature level 152.
The change in behavior suggesting the need for this clarification is
summarized below, as discussed in the following topic:
https://chat.zulip.org/#narrow/stream/378-api-design/topic/update_message.20default.20notifications
The new text is as suggested by Greg Price.

The change at feature level 152 made the moving of topics within and
between streams more consistent, by applying the optional parameters
introduced for the latter to both cases (`send_notification_to_[new|old]_thread`).

The default for the `old` notification value was changed to `false` at
this point, but the equivalent `new` value was not. This introduced a
change in behavior for existing clients of the API when moving topics
within streams, which now always produce a notification message by
default.

The improved consistency and default behavior for new API clients were
considered primary factors at the time of this change, overriding
concerns over backwards compatbility.
2023-08-28 10:46:53 -07:00
neiljp (Neil Pilgrim) f259e85924 api-changelog: Add missing register change to feature level 48 entry.
This corrects the entry with the addition of the `muted_users` field at
level 48, originally added in 3bfcaa3968.
2023-08-28 10:46:53 -07:00
Lalit Kumar Singh 4f3a971e64 ts: Migrate `channel.js` module to TypeScript. 2023-08-28 09:19:07 -07:00
Yogesh Sirsat f3830a3e1e settings_streams: Delete redundant uses of "update_choice_delete_btn".
It is unnecessory to make use of `update_choice_delete_btn` since
we disable the dialog submit button in case no default streams
selected in Org settings > Default streams > Add stream.

This commit is a follow-up to PR: #22903
2023-08-28 08:52:43 -07:00
Yogesh Sirsat a729c95ada custom_profile_fields: Fix empty field choices issue of select field.
While editing select type profile field, if we submit empty or zero
choices it fails silently, current implementation for this issue does
not work for some cases, and this commit will fix that.

This will disable dialog submit button in case of empty field choices.

Also removing code of all calls making to `update_choice_delete_btn`
as that function have no more use-case for empty field choices, still
keeping the function because it gets used in `settings_streams.js`.

Co-authored-by: Palash Baderia <palash.baderia@outlook.com>
2023-08-28 08:52:43 -07:00
David Rosa 54044a1045 help: Document keyboard shortcut for starring messages.
Fixes: #26573.
2023-08-28 08:49:49 -07:00
David Rosa 7b2d5df3dd help: Document keyboard shortcut for viewing message edit history.
Fixes: #26573.
2023-08-28 08:49:49 -07:00
Sahil Batra ada2991f1c users: Send stream creation/deletion events on role change.
We now send stream creation and stream deletion events on
changing a user's role because a user can gain or lose
access to some streams on changing their role.
2023-08-25 12:56:36 -07:00
Sahil Batra 5e3c39ea4f streams: Extract some code out of do_get_streams in a new function.
This commit extracts the code which queries the required streams
to a new function "get_user_streams". The new functions returns
the list of "Stream" object and not dictionaries and then
do_get_streams function converts it into list of dictionaries.

This change is important because we would use the new function
in further commit where we want list of "Stream" objects and
not list of dictionaries.
2023-08-25 12:56:36 -07:00
Sahil Batra 5e1eb3cd44 events: Fix applying stream creation events in apply_event.
There was a bug in apply_event code where only a stream which
is not private is added to the "never_subscribed" data after
a stream creation event. Instead, it should be added to the
"never_subscribed" data irrespective of permission policy of
the stream as we already send stream creation events only to
those users who can access the stream. Due to the current
bug, private streams were not being added to "never_subscribed"
data in apply_event for admins as well. This commit fixes it
and also makes sure the "never_subscribed" list is sorted
which was not done before and was also a bug.

The bugs mentioned above were unnoticed as the tests did not
cover these cases and this commit also adds tests for those
cases.
2023-08-25 12:56:36 -07:00
Sahil Batra b92af18928 register: Include web-public streams in "streams" field of response.
The "streams" field in "/register" response did not include web-public
streams for non-admin users but the data for those are eventually
included in the subscriptions data sent using "subscriptions",
"unsubscribed" and "never_subscribed" fields.

This commit adds code to include the web-public streams in "streams"
field as well as everyone can access those and will make the "streams"
data complete.
2023-08-25 12:56:36 -07:00
Daniil Fadeev 53e081ae29 popover_menus: Create an API to render popovers as a centered overlay.
This commit lets us render popovers centered on the screen with a
background overlay. It's the same thing we did with Bootstrap
popovers, but optimized for use with Tippy.
2023-08-25 12:29:36 -07:00
Daniil Fadeev 32d8ae16d2 popover_menus: Extract toggle_popover_menu. 2023-08-25 12:29:36 -07:00
Daniil Fadeev f3641b8369 popovers: Move color style declaration to a better place. 2023-08-25 12:29:36 -07:00
Alex Vandiver 5ca15a36ba version: Update version and changelog after 7.3 release. 2023-08-25 18:21:10 +00:00
Mateusz Mandera f3a3047484 bulk_access_messages_expect_usermessage: Fix function name and comments.
The name and docstring were just wrong, having a UserMessage row isn't
sufficient for having message access and is actually only relevant in a
private stream with private history. The function is only used in a
single place anyway, in bulk_access_messages.

The comment mentioning this function in handle_remove_push_notification
can be tweaked to just not mention any function specifically and just
say why we're not checking message access.
2023-08-25 14:10:27 -04:00
Mateusz Mandera 91eef4d77f delete_in_topic: Add comment explaining the access logic. 2023-08-25 14:10:27 -04:00
Mateusz Mandera c908b518ef CVE-2023-32678: Prevent unauthorized editing/deletion in priv streams.
Users who used to be subscribed to a private stream and have been
removed from it since retain the ability to edit messages/topics, and
delete messages that they used to have access to, if other relevant
organization permissions allow these actions. For example, a user may be
able to edit or delete their old messages they posted in such a private
stream. An administrator will be able to delete old messages (that they
had access to) from the private stream.

We fix this by fixing the logic in has_message_access (which lies at the
core of our message access checks - access_message() and
bulk_access_messages())
to not rely on only a UserMessage row for checking access but also
verify stream type and subscription status.
2023-08-25 14:10:27 -04:00
Karl Stolley 51e3ed0262 compose: Render Mac-specific Cmd, Return at compose bottom. 2023-08-25 10:52:05 -07:00
Daniil Fadeev 54c01ac46e emoji: Remove unnecessary style declaration.
The `.emoji-popover` element is a div and thus has display: block by
default.
2023-08-24 17:54:13 -07:00
Daniil Fadeev 190b25878e emoji: Remove parameter from the emoji popover template.
Only one value was ever used.
2023-08-24 17:54:13 -07:00
Zixuan James Li a081428ad2 user_groups: Make locks required for updating user group memberships.
**Background**

User groups are expected to comply with the DAG constraint for the
many-to-many inter-group membership. The check for this constraint has
to be performed recursively so that we can find all direct and indirect
subgroups of the user group to be added.

This kind of check is vulnerable to phantom reads which is possible at
the default read committed isolation level because we cannot guarantee
that the check is still valid when we are adding the subgroups to the
user group.

**Solution**

To avoid having another transaction concurrently update one of the
to-be-subgroup after the recursive check is done, and before the subgroup
is added, we use SELECT FOR UPDATE to lock the user group rows.

The lock needs to be acquired before a group membership change is about
to occur before any check has been conducted.

Suppose that we are adding subgroup B to supergroup A, the locking protocol
is specified as follows:

1. Acquire a lock for B and all its direct and indirect subgroups.
2. Acquire a lock for A.

For the removal of user groups, we acquire a lock for the user group to
be removed with all its direct and indirect subgroups. This is the special
case A=B, which is still complaint with the protocol.

**Error handling**

We currently rely on Postgres' deadlock detection to abort transactions
and show an error for the users. In the future, we might need some
recovery mechanism or at least better error handling.

**Notes**

An important note is that we need to reuse the recursive CTE query that
finds the direct and indirect subgroups when applying the lock on the
rows. And the lock needs to be acquired the same way for the addition and
removal of direct subgroups.

User membership change (as opposed to user group membership) is not
affected. Read-only queries aren't either. The locks only protect
critical regions where the user group dependency graph might violate
the DAG constraint, where users are not participating.

**Testing**

We implement a transaction test case targeting some typical scenarios
when an internal server error is expected to happen (this means that the
user group view makes the correct decision to abort the transaction when
something goes wrong with locks).

To achieve this, we add a development view intended only for unit tests.
It has a global BARRIER that can be shared across threads, so that we
can synchronize them to consistently reproduce certain potential race
conditions prevented by the database locks.

The transaction test case lanuches pairs of threads initiating possibly
conflicting requests at the same time. The tests are set up such that exactly N
of them are expected to succeed with a certain error message (while we don't
know each one).

**Security notes**

get_recursive_subgroups_for_groups will no longer fetch user groups from
other realms. As a result, trying to add/remove a subgroup from another
realm results in a UserGroup not found error response.

We also implement subgroup-specific checks in has_user_group_access to
keep permission managing in a single place. Do note that the API
currently don't have a way to violate that check because we are only
checking the realm ID now.
2023-08-24 17:21:08 -07:00
Zixuan James Li 9f7fab4213 user_groups: Extract has_user_group_access helper.
Similar to has_message, we can maintain a helper dedicated to managing
access to user groups. Future permission related changes should be added
here.
2023-08-24 17:21:08 -07:00
Zixuan James Li 006b2acd5d user_groups: Make acting user requried for deletion.
When doing a checked deletion, the acting user is always required.
It is effectively the user_profile parameter we had been previously
requiring.
2023-08-24 17:21:08 -07:00
Zixuan James Li 8792cfbadf user_groups: Return a QuerySet for recursive subgroups query.
This makes it more consistent with other recursive queries and allow
better composability.
2023-08-24 17:21:08 -07:00
Zixuan James Li a3f4341934 user_groups: Make for_read required.
We want to make the callers be more explicit about the use of the
user group being accessed, so that the later implemented database lock
can be benefited from the visibility.
2023-08-24 17:21:08 -07:00
Zixuan James Li 37b3507b86 user_groups: Reduce necessary nesting inside try-block.
The error only occurs when we do the get call.
2023-08-24 17:21:08 -07:00
Zixuan James Li 2b2a3b41be settings: Remove lock icon when the user can add bots.
Being able to add bots at the admin bot settings page, the lock icon is
unintuitive.

Fixes #24154

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2023-08-24 16:57:17 -07:00
Zixuan James Li a4963df6ad settings: Remove "add a new bot button" from admin page.
Instead, we show a message with links that either opens a modal for
creating a new bot or navigates to the bot settings page. The
"add a new bot" link only show up when the user has enough permission
to create new bots, and the "manage your bots" link only shows up when
the user has at least one bot if they don't have the permission to
create one. Otherwise, the message does not show up at all.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2023-08-24 16:57:17 -07:00
palashb01 5df5f6c125 help: Update message edit history documentation.
Co-authored-by: Tim Abbott <tabbott@zulip.com>
2023-08-24 16:28:06 -07:00
palashb01 ad70838cff keyboard_shortcuts: Add Shift+H to open message edit history dialog.
This commit introduces a new keyboard shortcut to open the message
edit history dialog for the selected message by using Shift+H.
2023-08-24 16:28:06 -07:00
Palash Baderia 92d1c6e390 message_feed: Remove the view edit history from the three-dot menu.
This commit removes the 'View Edit History' option from the three-dot
menu since we have already implemented this feature through the
edited/moved label in the message. Therefore, we no longer need this
option in the three-dot menu. This commit aims to simplify the
three-dot message menu.

Fixes: #23077
2023-08-24 16:28:06 -07:00
Karl Stolley c7adc5ee74 actions: Show an arrow and render a tooltip on @ indicator. 2023-08-24 14:30:46 -07:00
Karl Stolley 9709e1b4ed actions: Show pointer on bell icon. 2023-08-24 14:30:46 -07:00
Satyam Bansal cc8c159e0a compose: Add support for Jitsi audio calls.
Fixes #12207.
2023-08-24 10:52:34 -07:00
Satyam Bansal 4c501e4321 compose: Extract video call link creation logic to a generic function.
This extraction has been done to make sure that creation of audio call
links can happen in the same function only.

A change in test was also required as the whole logic of finding the
textarea where the link should be inserted happens a bit later now.
2023-08-24 10:52:34 -07:00
David Rosa 5b898ef216 help: Document "Browse and subscribe to streams" mobile feature. 2023-08-24 10:46:28 -07:00
David Rosa cef3a801c2 help: Update "Browse and subscribe to streams".
Updates Desktop/web instructions to follow current help center
documentation patterns.
2023-08-24 10:46:28 -07:00
Anders Kaseorg 03c24bc459 lightbox: Fix + and - zoom shortcuts to be inverses of each other.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-08-24 10:45:25 -07:00
Karl Stolley 207a0d789f message_time: Lighten font-weight to 350.
The tabular figures in Source Sans 3 place a foot on the 1, and
overall just feel visually a little heavier than their proportional
counterparts.

To compensate for that, this takes advantage of the variable-font
properties of Source Sans 3 to subtly drop the weight to keep the
timestamp readable but not in fierce competition with the message
area.
2023-08-24 10:44:39 -07:00
Lauryn Menard 80ee255f2b stats: Add stats page_params to `webpack.assets.json`.
In commit 640de3ad29, a separate
`page_params.ts` was added for the stats/analytics page, but adding
it to the `web/webpack.assets.json` for "stats" was missed, so we
add that here.
2023-08-24 10:43:38 -07:00
Anders Kaseorg 4300ec3293 requirements: Fix transitively replaced two_factor migrations.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-08-23 22:22:15 -07:00
Anders Kaseorg ead7b9177a check-database-compatibility: Ignore twofactor typo.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-08-23 22:14:26 -07:00
Lauryn Menard 29bb346480 typing: Update main typing notifications protocol documentation.
Updates the main description of the `api/set-typing-status` endpoint
for the new fields in the register response for the typing start,
stop, expired time intervals. Previously these were hardcoded by
the client side code and not the server side code.

Also updates the developer documentation for typing indicators in
the subsystems docs. This refreshes a few parts of that doc that
were already out of date, as well as adds the information about
the new register response fields noted above.
2023-08-23 16:38:59 -07:00
Samuel 3ce7b77092 typing: Add typing constants to the post register api response.
Adds typing notification constants to the response given by
`POST /register`. Until now, these were hardcoded by clients
based on the documentation for implementing typing notifications
in the main endpoint description for `api/set-typing-status`.

This change also reflects updating the web-app frontend code
to use the new constants from the register response.

Co-authored-by: Samuel Kabuya <samuel.mwangikabuya@kibo.school>
Co-authored-by: Wilhelmina Asante <wilhelmina.asante@kibo.school>
2023-08-23 16:36:44 -07:00
Anders Kaseorg d26a94a0db management: Validate string_id when creating or renaming a realm.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-08-23 16:33:13 -07:00
Anders Kaseorg 124c5d02e5 ci: Restore commented clean_unused_caches.py invocation.
The comment logic doesn’t make sense.  Every build gets to write to
the caches; some builds do in fact add new items, and without
clean_unused_caches.py there’s no way for them to remove items.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-08-23 16:20:01 -07:00
evykassirer a8d2481d77 generate emoji: Use hex_codepoint_to_emoji.
This new util function helps make the
code here a little more readable.
2023-08-23 16:18:15 -07:00
evykassirer b9303a6506 push notifications: Use hex_codepoint_to_emoji.
Now that we have this util function, we can
use it here. No functional changes.
2023-08-23 16:18:15 -07:00
evykassirer 0289beb784 emoji: Match emoji sequences in markdown.
Fixes #11767.

Previously multi-character emoji sequences weren't matched in the
emoji regex, so we'd convert the characters to separate images,
breaking the intended display.

This change allows us to match the full emoji sequence, and
therefore show the correct image.
2023-08-23 16:18:15 -07:00