Commit Graph

519 Commits

Author SHA1 Message Date
evykassirer babe525b5c linter: Add _html as a variable name for safe html. 2024-03-11 09:56:18 -07:00
Lauryn Menard 1f72ab5133 remote-support: Show active billing user emails. 2024-02-23 13:21:54 -08:00
Alex Vandiver b23d90ed62 puppet: Rename puppet/zulip_ops to puppet/kandra.
This makes for easier tab-completion, and also is a bit more explicit
about the expected consumer.
2024-02-06 17:56:27 -08:00
Lauryn Menard 12ec133224 templates: Move billing templates to /templates/corporate/billing. 2024-01-30 10:06:48 -08:00
Lauryn Menard 916892e437 templates: Move support templates to /templates/corporate/support.
Also, makes small updates to `next_plan_forms_support.html`.
Removes unneeded "btn" and "btn-default" classes, and updates
the placeholder text for the input as not marked for translation.
2024-01-30 10:06:48 -08:00
Lauryn Menard efd0d689fc templates: Move activity templates to /templates/corporate/activity.
Also, renames `ad_hoc_query.html` to `activity_table.html`,
`realm_summary_table.html` to `installation_activity_table.html`,
and `activity_details_template.html` to `activity.html`.

Removes the style attribute in the installation activity template
and uses a CSS class, "installation-activity-header", to center the
h3 and p tags instead. This removes an exception from the custom
lint check.
2024-01-30 10:06:48 -08:00
nimishmedatwal 5e2d620d9f help: Add installation through Flathub.
Fixes #28508
2024-01-26 09:07:38 -08:00
Karl Stolley a37354f92a corporate: Add a Basic plan. 2023-12-20 23:09:21 -08:00
evykassirer 24dc2e783d message_store: Migrate message_store to typescript. 2023-12-17 09:43:47 -08:00
Anders Kaseorg e601d0ae7c models: Rename zerver/models.py to zerver/models/__init__.py.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-12-16 22:08:44 -08:00
Lauryn Menard 6621de6f07 analytics: Add copy email button for remote server support view. 2023-12-03 14:27:07 -08:00
Aman Agrawal b5b7fc9957 billing: Use navbar used in login/help pages. 2023-11-10 05:17:52 +05:30
Aman Agrawal 073d9bf3c9 custom_check: Exclude billing pages from translation check. 2023-11-06 14:55:14 -08:00
Alex Vandiver a21971ceae config_error: Split error pages into their own pages.
This is much easier to maintain than a giant set of if statements.
2023-10-11 17:13:01 -07:00
Aman Agrawal 75826d8409 handlebars: Move popover handlebars to a new popovers folder.
Organize related handlebars in a new folder together.
2023-10-05 08:19:49 -07:00
Aman Agrawal 3415a6898c user_card_popover: Rename `_title` suffix to `_avatar`. 2023-10-05 08:19:49 -07:00
Mateusz Mandera f71e2c8247 support: Add basic support endpoint for remote servers. 2023-10-04 16:55:47 -07:00
Prakhar Pratyush 58568a60d6 settings: Add automatically follow and unmute topics policy settings.
This commit adds two user settings, named
* `automatically_follow_topics_policy`
* `automatically_unmute_topics_in_muted_streams_policy`

The settings control the user's preference on which topics they
will automatically 'follow' or 'unmute in muted streams'.

The policies offer four options:
1. Topics I participate in
2. Topics I send a message to
3. Topics I start
4. Never (default)

There is no support for configuring the settings through the UI yet.
2023-10-04 13:04:29 -07:00
Anders Kaseorg acd0c5568a corporate: Remove Twitter third-party JavaScript and branding.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-09-21 08:53:37 -07:00
Daniil Fadeev d89cd1e241 user_card_popover: Rename Handlebars templates.
List of renamed templates:
`user_info_popover_content` -> `user_card_popover_content`
`user_info_popover_manage_menu` -> `user_card_popover_manage_menu`
`user_info_popover_title` -> `user_card_popover_title`
2023-09-15 12:24:00 -07:00
Anders Kaseorg 31b5879242 docs: Remove obsolete mentions of reStructuredText.
Commit b53e676860 (#19600) removed the
last of our reST.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-09-09 01:56:16 -07:00
Zixuan James Li f4caf9dd79 api: Add new typed_endpoint decorators.
The goal of typed_endpoint is to replicate most features supported by
has_request_variables, and to improve on top of it. There are some
unresolved issues that we don't plan to work on currently. For example,
typed_endpoint does not support ignored_parameters_supported for 400
responses, and it does not run validators on path-only arguments.

Unlike has_request_variables, typed_endpoint supports error handling by
processing validation errors from Pydantic.

Most features supported by has_request_variables are supported by
typed_endpoint in various ways.

To define a function, use a syntax like this with Annotated if there is
any metadata you want to associate with a parameter, do note that
parameters that are not keyword-only are ignored from the request:
```
@typed_endpoint
def view(
    request: HttpRequest,
    user_profile: UserProfile,
    *,
    foo: Annotated[int, ApiParamConfig(path_only=True)],
    bar: Json[int],
    other: Annotated[
        Json[int],
        ApiParamConfig(
            whence="lorem",
            documentation_status=NTENTIONALLY_UNDOCUMENTED
        )
    ] = 10,
) -> HttpResponse:
    ....
```

There are also some shorthands for the commonly used annotated types,
which are encouraged when applicable for better readability and less
typing:
```
WebhookPayload = Annotated[Json[T], ApiParamConfig(argument_type_is_body=True)]
PathOnly = Annotated[T, ApiParamConfig(path_only=True)]
```

Then the view function above can be rewritten as:
```
@typed_endpoint
def view(
    request: HttpRequest,
    user_profile: UserProfile,
    *,
    foo: PathOnly[int],
    bar: Json[int],
    other: Annotated[
        Json[int],
        ApiParamConfig(
            whence="lorem",
            documentation_status=INTENTIONALLY_UNDOCUMENTED
        )
    ] = 10,
) -> HttpResponse:
    ....
```

There are some intentional restrictions:
- A single parameter cannot have more than one ApiParamConfig
- Path-only parameters cannot have default values
- argument_type_is_body is incompatible with whence
- Arguments of name "request", "user_profile", "args", and "kwargs" and
  etc. are ignored by typed_endpoint.
- positional-only arguments are not supported by typed_endpoint. Only
  keyword-only parameters are expected to be parsed from the request.
- Pydantic's strict mode is always enabled, because we don't want to
  coerce input parsed from JSON into other types unnecessarily.
- Using strict mode all the time also means that we should always use
  Json[int] instead of int, because it is only possible for the request
  to have data of type str, and a type annotation of int will always
  reject such data.

typed_endpoint's handling of ignored_parameters_unsupported is mostly
identical to that of has_request_variables.
2023-09-08 08:20:17 -07:00
Lalit Kumar Singh 4f3a971e64 ts: Migrate `channel.js` module to TypeScript. 2023-08-28 09:19:07 -07:00
Zixuan James Li a081428ad2 user_groups: Make locks required for updating user group memberships.
**Background**

User groups are expected to comply with the DAG constraint for the
many-to-many inter-group membership. The check for this constraint has
to be performed recursively so that we can find all direct and indirect
subgroups of the user group to be added.

This kind of check is vulnerable to phantom reads which is possible at
the default read committed isolation level because we cannot guarantee
that the check is still valid when we are adding the subgroups to the
user group.

**Solution**

To avoid having another transaction concurrently update one of the
to-be-subgroup after the recursive check is done, and before the subgroup
is added, we use SELECT FOR UPDATE to lock the user group rows.

The lock needs to be acquired before a group membership change is about
to occur before any check has been conducted.

Suppose that we are adding subgroup B to supergroup A, the locking protocol
is specified as follows:

1. Acquire a lock for B and all its direct and indirect subgroups.
2. Acquire a lock for A.

For the removal of user groups, we acquire a lock for the user group to
be removed with all its direct and indirect subgroups. This is the special
case A=B, which is still complaint with the protocol.

**Error handling**

We currently rely on Postgres' deadlock detection to abort transactions
and show an error for the users. In the future, we might need some
recovery mechanism or at least better error handling.

**Notes**

An important note is that we need to reuse the recursive CTE query that
finds the direct and indirect subgroups when applying the lock on the
rows. And the lock needs to be acquired the same way for the addition and
removal of direct subgroups.

User membership change (as opposed to user group membership) is not
affected. Read-only queries aren't either. The locks only protect
critical regions where the user group dependency graph might violate
the DAG constraint, where users are not participating.

**Testing**

We implement a transaction test case targeting some typical scenarios
when an internal server error is expected to happen (this means that the
user group view makes the correct decision to abort the transaction when
something goes wrong with locks).

To achieve this, we add a development view intended only for unit tests.
It has a global BARRIER that can be shared across threads, so that we
can synchronize them to consistently reproduce certain potential race
conditions prevented by the database locks.

The transaction test case lanuches pairs of threads initiating possibly
conflicting requests at the same time. The tests are set up such that exactly N
of them are expected to succeed with a certain error message (while we don't
know each one).

**Security notes**

get_recursive_subgroups_for_groups will no longer fetch user groups from
other realms. As a result, trying to add/remove a subgroup from another
realm results in a UserGroup not found error response.

We also implement subgroup-specific checks in has_user_group_access to
keep permission managing in a single place. Do note that the API
currently don't have a way to violate that check because we are only
checking the realm ID now.
2023-08-24 17:21:08 -07:00
Sahil Batra ba00907946 bots: Re-parent bot while reactivating if original owner is deactivated.
Since the original owner is deactivated, we change the owner to the
admin who is reactivating the bot.
2023-08-16 15:37:37 -07:00
Zixuan James Li c9a299a8f8 validators: Split out test_validators. 2023-08-11 16:43:12 -07:00
Alex Vandiver def6bf17eb tests: Split out missed_message email tests. 2023-08-09 15:49:49 -07:00
Zixuan James Li 000761ac0c realm_playgrounds: Replace url_prefix with url_template.
Dropping support for url_prefix for RealmPlayground, the server now uses
url_template instead only for playground creation, retrieval and audit
logging upon removal.

This does the necessary handling so that url_template is expanded with
the extracted code.

Fixes #25723.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2023-07-24 17:40:59 -07:00
Anders Kaseorg 7e811ea1bd custom_check: Remove checks for deleted ui_report aliases.
They were deleted in commit 2d52463b61.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-06-09 16:46:57 -07:00
Lauryn Menard 4fcb243769 api-docs: Standardize on lowercase true, false and null.
Creates a custom linter rule for `zerver/openapi/zulip.yaml` to
only allow lowercase versions of "true", "false" and "null".

Updates existing documentation for new rules.
2023-05-16 12:31:03 -07:00
Aman Agrawal c0ef1c360a message_send: Edit scheduled message if its ID is present.
If the ID of the scheduled message is passed by the client, we
edit the existing scheduled message instead of creating a new one.

However, this will soon be moved into its own API endpoint.
2023-04-14 17:38:37 -07:00
Tim Abbott 1d2cf734f3 lint: Limit JS assert rule to web/tests. 2023-04-14 12:26:33 -07:00
Daniil Fadeev 5c6f842b28 emails: Replace Premailer with CSS-inline.
Primary goal of library replacement is improving execution speed.
This commit should not affect the functionality of the system
or make any changes to it.
2023-04-03 15:15:05 -07:00
Hardik Dharmani ebc07c0dd7 ts: Covert `dialog_widget.js` to typescript.
Created `WidgetConfig` type which has all the parameter that can be
passed launch(). Except html_heading, html_body, and on_click all
other fields are optional. Therefore, removed checking of undefined
mandatory fields as it will be done by typescript.

Co-authored-by: Hardik Dharmani <Ddharmani99@gmail.com>
2023-04-01 11:54:53 -07:00
Sahil Batra 1874491178 templates: Extract realm creation form html in new template file.
This commit extracts realm creation form html in a new file
realm_creation_form.html as we are reworking the organization
flow as per #24307 and this change would allow us to avoid
duplicating the code.
2023-03-27 15:44:42 -07:00
Prakhar Pratyush ab8222c4ae custom_check: Update FILES_WITH_LEGACY_SUBJECT set.
This commit adds 'zerver/lib/email_notifications.py'
to the FILES_WITH_LEGACY_SUBJECT set.

Because the file can have 'subject' in the email sense,
it should be exempted from the 'avoid subject as a var' lint rule.
2023-03-14 17:48:57 -07:00
Anders Kaseorg cea1119423 node_tests: Move to web/tests.
This lets us simplify the long-ish ‘../../static/js’ paths, and will
remove the need for the ‘zrequire’ wrapper.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-02-23 16:04:17 -08:00
Anders Kaseorg c1675913a2 web: Move web app to ‘web’ directory.
Ever since we started bundling the app with webpack, there’s been less
and less overlap between our ‘static’ directory (files belonging to
the frontend app) and Django’s interpretation of the ‘static’
directory (files served directly to the web).

Split the app out to its own ‘web’ directory outside of ‘static’, and
remove all the custom collectstatic --ignore rules.  This makes it
much clearer what’s actually being served to the web, and what’s being
bundled by webpack.  It also shrinks the release tarball by 3%.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-02-23 16:04:17 -08:00
Anders Kaseorg 5aaa36b8fc ruff: Enable logging format rules.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-02-04 16:36:20 -08:00
Lauryn Menard dbacc00f0f api-docs: Move markdown files to top level directory.
- Updates `.prettierignore` for the new directory.
- Updates any reference to the API documentation directory for
  markdown files to be `api_docs/` instead of `zerver/api/`.
- Removes a reference link from `docs/documentation/api.md` that
  hasn't referenced anything in the text since commit 0542c60.
- Update rendering of API documentation for new directory.
2023-02-02 17:25:40 -08:00
Lauryn Menard dedea23745
help-docs: Move help center documentation to top level directory.
These files are not Jinja2 templates, so there's no reason that they needed
to be inside `templates/zerver`. Moving them to the top level reflects their
importance and also makes it feel nicer to work on editing the help center content, 
without it being unnecessary buried deep in the codebase.
2023-01-25 14:08:29 -08:00
Anders Kaseorg 2afdb46095 ruff: Enable new lints DTZ, ISC, PIE, PLW, Q, S, SIM.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-01-04 16:25:07 -08:00
Anders Kaseorg 17300f196c ruff: Fix ISC003 Explicitly concatenated string.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-01-04 16:25:07 -08:00
Yuri Sulyma 911b3b5365 ts: Convert util.js to TypeScript; add (Raw)Message type in types.ts.
Co-authored-by: Zixuan James Li <p359101898@gmail.com>
2022-12-13 15:23:29 -08:00
Tim Abbott 158352c339 lint: Remove stale compose_error linter rule.
The module has been renamed, but also the original linter rule was
likely ineffective because of the length of compose_banner calls
anyway.

I'm not particularly worried about future internationalization bugs
here, so removing seems better than replacing it.
2022-12-06 15:48:22 -08:00
Anders Kaseorg 9972fcc85b custom_check: Remove exclusions for comment annotations check.
Commit 2762121162 (#21552) made them
unnecessary.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-18 10:08:24 -08:00
Anders Kaseorg 4dce3c54d9 custom_check: Remove assertEquals check.
Ruff checks this as U005 (and even auto-fixes it).

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-18 10:08:24 -08:00
Anders Kaseorg adffad384c lint: Replace pycodestyle and pyflakes with ruff.
https://github.com/charliermarsh/ruff

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-03 12:10:15 -07:00
Anders Kaseorg d41afb2b25 tools: Add missing spaces in concatenated string literals.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-10-24 14:52:49 -07:00
Anders Kaseorg 7d485aa58f docs: Correct more “webapp” to “web app”.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-09-08 20:23:28 -07:00