This fixes two issues:
* Our guest users feature gave guest users access to public stream
attachments even if they couldn't access the public stream.
* After a user joins a private stream with our new shared history
feature, they couldn't see images uploaded before they joined.
The tests need to check for a few types of issues:
* The actual access control permissions.
* How many database queries are used in the various
cases for that second model, especially with multiple messages
referencing an attachment. This function gets called a lot, and we
want to keep it fast.
Fixes#9372.
This new implementation model is a lot cleaner and should extend
better to the non-oauth backend supported by python-social-auth (since
we're not relying on monkey-patching `do_auth` in the OAuth backend
base class).
This adds a common function `access_user_by_id` to access user id
within same realm, complete with a full suite of unit tests.
Tweaked by tabbott to make the test much more readable.
I don't think this is exactly the right place to document this, but
I'm not sure there's a better one without some restructuring this page
in general (which would probably have value).
Fixes#8769.
My recent refactoring that split out MessageListData
introduced a nasty bug where we were putting muted
messages into the "All Messages" view even though
the underlying list was correctly filtering
them, so the symptoms were two-fold:
- muted messages cluttered up your feed
- replying to the message caused a traceback (since
it wasn't actually in the underlying data
structure)
This has to do with what MessageListData.add_messages()
was passing back to MessageList to orchestrate drawing
in MessageListView.
I think what happened here is I got this working kind
of sloppily but correctly for the non-muting case and
then got in the weeds of some other stuff. Not my
finest moment.
The actual correct code here is simple enough. We
triage top, interior, and bottom, and then the respective
methods that put the data into the data structure
return the filtered lists (i.e. not muted) and put them
into the info structure.
Fixes#9656
I guess we used to have a way to logout from within
settings, but the list item was always hidden when you
went into settings, so it's apparently just dead code,
and it's kind of a strange thing to have in settings.
We want to avoid doing too much setup for the info overlay widget
during initialization, since we don't really need it, and side
effects like focusing a modal can cause hard-to-detect
glitches for other features.
In our toggler component (the thing that handles tabs in things
like our markdown/search help, settings/org, etc.), we have
a callback mechanism when you switch to the tab. We were
being tricky and only calling it when the tab changed.
It turns out it's better to just always call the callback,
since these things are often in modals that open and close,
and if you open a modal for the second time, you want to do
the callback task for whichever setting you're going to.
There was actually kind of a nasty bug with this, where the
keyboard handling in the keyboard-help modal worked fine the
first time you opened it, but then it didn't work the second
time (if you focused some other element in the interim), and
it was due to not re-setting the focus to the inner modal
because we weren't calling the callback.
Of course, there are pitfalls in calling the same callbacks
twice, but our callbacks should generally be idempotent
for other reasons.
We want the Botserver to not only work with the
botserverrc, but also with a zuliprc of an outgoing
webhook. Because the Botserver uses the outgoing
webhook token for authentication, we need to include
it in the zuliprc for outgoing webhooks.
This is preparation for an upcoming refactoring where we pass a bot
ID, not the email/api_key, into the zuliprc generation functions in
the bots code path.
We've for a long time had the behavior that a bot mentioned in a
stream message receives the notification, regardless of whether the
bot was actually subscribed to the stream.
Apparently, this behavior also triggered if you mentioned a bot in a
private message (i.e. the bot would be delievered the private message
and would probably respond unhelpfully in a new group private message
thread with the PMs original recipients plus the bot).
The fix for this bug is simple: To exclude this feature for private
messages.
Tim Abbott
Shubham Dhama
Akash Nimare
Yashashvi Dave
Umair Khan
Raymond Akornor
Eeshan Garg
Max Nussenbaum
Steve Howell
Robert Hönig
