Commit Graph

8756 Commits

Author SHA1 Message Date
Mateusz Mandera 6c069f4365 api: Improve handling of delivery_email in the GET /users/{email} API.
Limiting lookups by delivery_email to users with "everyone" email
visibility is overly simplistic. We can successfully do these lookups
whenever the requester has the permission to view the real email address
of the user they're looking up.
2024-10-08 18:01:49 -07:00
Mateusz Mandera 8e51442043 users: Add ROLE_TO_ACCESSIBLE_EMAIL_ADDRESS_VISIBILITY_IDS dict.
This is helpful for taking an "acting user" and getting the list of
email_address_visibility values such that the UserProfiles with those
values of the setting permit the acting user to view their
deliver_email.

This can be used for a query "all users whose delivery_email is viewable
by <requester>" in an upcoming commit.

The added code is ugly, but at least it lets us simplify some similarly
ugly logic in can_access_delivery_email.
2024-10-08 18:01:49 -07:00
Tim Abbott ba8801b07f import: Fix incorrect RealmEmoji query.
The name field is not present in exports from the S3 backend.
2024-10-08 17:43:18 -07:00
Tim Abbott 4caa396f49 import_realm: Do not check acting_user for Zulip updates.
The question is whether this was previously exported, not whether it
was previously exported without a traceable acting user.
2024-10-08 17:43:18 -07:00
Sahil Batra 1033230b52 user_groups: Include "can_join_group" field in user group objects.
Fixes part of #25938.
2024-10-08 12:18:13 -07:00
Sahil Batra e1d7f57da7 user_groups: Add can_join_group setting for user group.
This field will be used to control permission for who can
join a user group.

Fixes part of #25938.
2024-10-08 12:18:13 -07:00
Prakhar Pratyush d6c48b7185 delete_message: Fix recipients of "delete_message" event.
Earlier, we were sending 'delete_message' event to all active
subscribers of the stream.

We shouldn't send event to those users who don't have access
to the deleted message in a private stream with protected history.

This commit fixes that bug.

Also, now we use 'event_recipient_ids_for_action_on_messages'.
It helps to add hardening such that if the invariant "no usermessage
row corresponding to a message exists if the user loses access to the
message" is violated due to some bug, it has minimal user impact.
2024-10-07 11:35:06 -07:00
Aman Agrawal 3f726e25e4 message_fetch: Add message_ids parameter to /messages request.
This allows us to fetch messages for a list of message ids in a
single request.
2024-10-07 11:00:40 -07:00
Prakhar Pratyush 07dcee36b2 export_realm: Add RealmExport model.
Earlier, we used to store the key data related to realm exports
in RealmAuditLog. This commit adds a separate table to store
those data.

It includes the code to migrate the concerned existing data in
RealmAuditLog to RealmExport.

Fixes part of #31201.
2024-10-04 12:06:35 -07:00
Prakhar Pratyush 5d9eb4e358 realm_export: Save stats in '.json' format instead of '.txt'.
This commit updates code to store the realm export stats in
json format instead of plain text.

This will help in storing the stats as JsonField in RealmExport table.
2024-10-04 12:06:35 -07:00
Shubham Padia 0634f75582 settings: Rearrange group settings in alphabetical order. 2024-10-04 11:15:01 -07:00
Alex Vandiver ed8058d060 message: Do not differentiate topics by case when aggregating. 2024-10-03 16:35:45 -07:00
Tim Abbott 1ff14fd0f1 analytics: Pass subgroup=None to improve indexing.
Because the main indexes on end_time either don't include realm_id or
do include subgroup, passing an explicit subgroup=None for
single-realm queries to read CountStats that don't use the subgroups
feature greatly improves the query plans.
2024-10-02 14:11:44 -04:00
Shubham Padia 12ebd97f1f settings: Add group_creator as default for can_manage_group.
We create an unnamed user group with just the group creator as it's
member when trying to set the default. The pattern I've followed across
most of the acting_user additions is to just put the user declared
somewhere before the check_add_user_group and see if the test passes.
If it does not, then I'll look at what kind of user it needs to be set
to `acting_user`.
2024-10-01 17:35:14 -07:00
Shubham Padia 91edf59873 settings: Rename can_edit_all_user_groups to use `manage`.
Having both `manage` and `edit` terminologies was confusing, so
this commit ensures that we use `manage` wherever applicable.
2024-10-01 17:35:14 -07:00
Shubham Padia 6e9d56eaf4 user_groups: Check permission to manage groups based on group setting.
We also add exception for the group creator to manage groups. See
https://chat.zulip.org/#narrow/stream/3-backend/topic/Group.20creation.20-.20who.20can.20change.20the.20setting.2E/near/1943861
for more details. For the tests, wherever possible, we've just added an
acting_user when creating a group to test.
We've also added an acting_user argument to create_user_group_for_test.
We will not remove `user_group_edit_policy` yet. That will be removed
once we have introduced this setting to the frontend.
2024-10-01 17:35:14 -07:00
Shubham Padia 2b6414acfb settings: Add can_manage_all_groups setting to realm.
This commit does not add the logic of using this setting to actually
check the permission on the backend. That will be done in a later
commit.
Only owners can modify this setting, but we will add that logic in a
later commit in order to keep changes in this commit minimal.
Adding the setting breaks the frontend, since the frontend tries to find
a dropdown widget for the setting automatically. To avoid this, we've
added a small temporary if statement to `settings_org.js`.
Although, most lists where we insert this setting follow an unofficial
alphabetical order, `can_manage_all_groups` has been bunched together
with `can_create_groups` since keeping those similar settings together
would be nicer when checking any code related to creating/managing a
user group.
2024-10-01 17:35:14 -07:00
Shubham Padia fc46673f23 settings: Add can_create_groups setting to realm.
This commit does not add the logic of using this setting to actually
check the permission on the backend. That will be done in a later
commit.

Adding the setting breaks the frontend, since the frontend tries to find
a dropdown widget for the setting automatically. To avoid this, we've
added a small temporary if statement to `settings_org.js`.
2024-10-01 17:35:14 -07:00
Lauryn Menard 4283207f6f help-relative: Add option for "Not subscribed" tab of channels overlay.
Updates the relative help link for "Browse and subscribe to channels"
in help center "Introduction to channels" article.

Fixes #31605.
2024-10-01 10:28:30 -07:00
Sahil Batra b8a039ee99 user_groups: Include settings and supergroups in error response.
The error response when a user group cannot be deactivated due
to it being used as a subgroup or for a setting includes details
about the supergroups, streams, user groups as well the settings
for which it is used.
2024-10-01 09:45:33 -07:00
Sahil Batra c1973d2263 user_groups: Add access_user_group_to_read_membership.
This commit adds access_user_group_to_read_membership function
so that we can avoid calling get_user_group_by_id_in_realm with
"for_read=True" from views functions, which is better for security
since that function does not do any access checks.
2024-10-01 09:36:01 -07:00
Tim Abbott 096fea48a0 user_groups: Add docstrings for several functions. 2024-09-30 18:42:14 -07:00
Sahil Batra b554106e6d user_groups: Allow members of subgroups to manage group.
Previously, if the user_group_edit_policy was set to allow
members or full members to manage the group, the user had
to be the direct member of the group being managed.

This commit updates the code to allow members of the subgroups
as well to manage the group as technically members of the
subgroups are member of the group.

This also improves the code to not fetch all the group members
to check this, and instead directly call is_user_in_group
which uses "exists" to check it.
2024-09-30 18:42:14 -07:00
Sahil Batra 233775d257 user_groups: Rename has_user_group_access.
This commit renames has_user_group_access function to
has_user_group_access_for_subgroup, since the function
is only used to check access for using a group as subgroup.
2024-09-30 18:42:14 -07:00
Sahil Batra 0c89621fa6 user_groups: Refactor code to check permissions.
This commit refactors the code to check permission for
accessing user group in such a way that we can avoid
duplicate code in future when we will have different
settings controlling the permissions for editing group
details and settings, joining the group, adding others
to group, etc.
2024-09-30 18:42:14 -07:00
Mateusz Mandera 06fa99e87c do_change_user_delivery_email: Add acting_user kwarg.
This is standard for our do_change_... functions.
2024-09-30 12:00:14 -07:00
Lauryn Menard ef1275e6fe help: Remove 'Getting your organization started with Zulip' guide.
Creates a URLRedirect for this help center article to go to the
new "Moving to Zulip" guide.

Updates the astro.config.mjs file for the changes to the help
center sidebar that have been made as part of the replacement
of this help center guide.

Fixes #31499.
2024-09-30 11:58:31 -07:00
Lauryn Menard f9de3f9a45 onboarding: Use "Moving to Zulip" guide in emails & Welcome bot message.
Replaces links to "Getting your organization started with Zulip"
in onboarding emails and Welcome bot direct message for owners of
new organizations.

Revises text in those emails and messages to reflect the new
"Moving to Zulip" help center guide that is now used.
2024-09-30 11:58:31 -07:00
Lauryn Menard 7d21e20cb4 help-links: Limit billing related relative gear menu links.
In order to only generate relative links for Zulip Cloud billing
specific gear menu options in relevant help center articles, we
pass down settings.CORPORATE_ENABLED to be set as a global variable
for zerver/lib/markdown/help_relative_links.py so that self-hosted
servers' help center documentation will not have these links.
2024-09-30 11:35:45 -07:00
Tim Abbott e6e3b12124 import_realm: Fix crash importing data with topic moves. 2024-09-28 11:53:30 -07:00
Alex Vandiver a20673a267 upload: Allow filtering to just a prefix (e.g. a realm id). 2024-09-26 12:01:11 -07:00
Alex Vandiver 579cf4ada7 upload: Make local-file save_attachment_contents chunk-at-a-time.
This means it does not attempt to hold large files entirely in memory
when writing them to a new location on disk.
2024-09-26 12:01:11 -07:00
Alex Vandiver 2dc737335e upload: Switch from BinaryIO to IO[bytes].
This is slightly more generally-compatible.
2024-09-26 12:01:11 -07:00
Alex Vandiver 638c579c56 tusd: Set metadata correctly in S3.
The Content-Type, Content-Disposition, StorageClass, and general
metadata are not set according to our patterns by tusd; copy the file
to itself to update those properties.
2024-09-26 12:00:43 -07:00
Alex Vandiver 287850d08d tusd: Remove non-ASCII characters from path-ids. 2024-09-26 12:00:43 -07:00
Alex Vandiver 84280ed7c2 upload: When serving s3 download URLs, send real filename.
Setting `ResponseContentDisposition=attachment` means that we override
the stored `ContentDisposition`, which includes a filename.  This
means that using the "Download" link on servers with S3 storage
produced a file named the sanitized version we stored.

Explicitly build a `ContentDisposition` to tell S3 to return, which
includes both `attachment` as well as the filename (if we have it
locally).
2024-09-26 12:00:43 -07:00
Tim Abbott 9b67164270 email_notifications: Fix emoji being giant in Outlook.
Apparently, Outlook ignores height/width CSS rules, but does support
the attribute on the image element itself, so specify that instead.

I don't think there are likely to be image tag implementations that
don't support the attribute, given that's the only thing that works in
Outlook.
2024-09-26 11:58:12 -07:00
Anders Kaseorg 88782f2917 integrations: Lazily load webhook integrations.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-09-24 18:17:52 -07:00
Anders Kaseorg 6c442273ee test_urls: Remove dead URLResolutionTest.
This test was written back when Django accepted view function names as
strings that might be wrong; that’s not possible in Django ≥ 1.10.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-09-24 18:17:52 -07:00
Anders Kaseorg 184c0203f3 upload: Lazily import boto3.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-09-24 16:38:37 -07:00
Vector73 9e4e85e140 saved_snippets: Add backend for saved snippets.
Part of #31227.
2024-09-24 15:27:58 -07:00
Tim Abbott 90a4b4934a text_fixtures: Fix buggy skip-checks placement. 2024-09-24 15:00:46 -07:00
Prakhar Pratyush 65f465562f export_realm: Remove the 'react on consent message' approach.
For exporting full with consent:

* Earlier, a message advertising users to react with thumbs up
  was sent and later used to determine the users who consented.

* Now, we no longer need to send such a message. This commit
  updates the logic to use `allow_private_data_export` user-setting
  to determine users who consented.

Fixes part of #31201.
2024-09-24 14:32:42 -07:00
Tim Abbott 9d74abee0b tools: Skip checks in recursive management calls. 2024-09-24 14:26:34 -07:00
tnmkr ddecba4e1c custom_profile_fields: Add "editable_by_user" setting.
This new property allows organization administrators to specify whether
users can modify the custom profile field value on their own account.
This property is configurable for individual fields.

By default, existing and newly created fields have this property set to
true, that is, they allow users to edit the value of the fields.

Fixes part of #22883.

Co-Authored-By: Ujjawal Modi <umodi2003@gmail.com>
2024-09-23 18:09:38 -07:00
Alex Vandiver ce0df00e44 export: Notify all realm admins on realm export. 2024-09-23 10:02:43 -07:00
Alex Vandiver 7afe6800f7 export: Use relative paths, include more data. 2024-09-23 10:02:43 -07:00
Alex Vandiver e125ad823d exports: Add a separate bucket for realm exports.
This allows finer-grained access control and auditing.  The links
generated also expire after one week, and the suggested configuration
is that the underlying data does as well.

Co-authored-by: Prakhar Pratyush <prakhar@zulip.com>
2024-09-20 15:43:49 -07:00
Alex Vandiver c1e8ecd08f uploads: Cache boto client in the module and be writable.
The `get_signed_upload_url` code is called for every S3 file serve
request, and is thus in the hot path.  The boto3 client caching
optimization is thus potentially useful as a performance optimization.
2024-09-20 15:43:49 -07:00
Alex Vandiver 1a7b3ef7ed upload: Use get_export_tarball_url in upload_export_tarball. 2024-09-20 15:43:49 -07:00
Alex Vandiver 4cf835d9dd upload: Remove common cache from get_export_tarball_url.
This is not called in the hot path like get_avatar_url is.
2024-09-20 15:43:49 -07:00
Alex Vandiver a5bf452202 upload: Realm is not Optional in upload_export_tarball.
af4eb8c0d5 marked the base class and local backend as non-Optional,
but left the S3 backend as Optional for some reason.

Remove it.
2024-09-20 15:43:49 -07:00
Alex Vandiver 91ac5c3c8b export: Log before the compression step, which can be slow. 2024-09-20 15:43:49 -07:00
Tim Abbott 51d0dfb504 docs: Tweak some documentation around send_event. 2024-09-20 15:28:18 -07:00
Prakhar Pratyush e763d065a3 django_api: Rename 'send_event' to 'send_event_rollback_unsafe'.
This commit renames the 'send_event' function to
'send_event_rollback_unsafe' to reflect the fact that it doesn't
wait for the db transaction (within which it gets called, if any)
to commit and sends event irrespective of commit or rollback.

In most of the cases we don't want to send event in the case of
rollbacks, so the caller should be aware that calling the function
directly is rollback unsafe.
2024-09-20 15:20:18 -07:00
Mateusz Mandera 18fbb5d146 retention: Limit number of ids passed to db in delete messages query.
If do_delete_messages (and friends) are called for a massive number of
messages, the giant list of message ids is passed to Postgres even
though chunk_size makes all but the first chunk_size of message ids
useless.
2024-09-20 09:31:21 -07:00
Mateusz Mandera ed7c330548 retention: Rename run_archiving_in_chunks to run_archiving. 2024-09-20 09:31:21 -07:00
Sahil Batra c53563d0e7 user_groups: Handle deactivated groups in webapp. 2024-09-18 13:41:13 -07:00
Sahil Batra 5c790aac72 user_groups: Rename allow_deactivated in 'GET /user_groups'.
This commit renames "allow_deactivated" parameter in
"GET /user_groups" endpoint to "include_deactivated_groups", so
that we can have consistent naming here and for client capability
used for deciding whether to send deactivated groups in register
response and how to handle the related events.
2024-09-18 13:41:13 -07:00
Sahil Batra fb63c47ea6 user_groups: Add client capability to handle deactivated groups.
This commit adds a client capability to not receive data about
deactivated groups.
2024-09-18 13:41:13 -07:00
Sahil Batra 7a6135371e settings: Handle guests separately for group-based settings.
This commit adds code to handle guests separately for group
based settings, where guest will only have permission if
that particular setting can be set to "role:everyone" group
even if the guest user is part of the group which is used
for that setting. This is to make sure that guests do not
get permissions for actions that we generally do not want
guests to have.

Currently the guests do not have permission for most of them
except for "Who can delete any message", where guest could
delete a message if the setting was set to a user defined
group with guest being its member. But this commit still
update the code to use the new function for all the settings
as we want to have a consistent pattern of how to check whether
a user has permission for group-based settings.
2024-09-18 11:51:11 -07:00
Alex Vandiver 9a1f78db22 thumbnail: Support checking for images from streaming sources.
We may not always have trivial access to all of the bytes of the
uploaded file -- for instance, if the file was uploaded previously, or
by some other process.  Downloading the entire image in order to check
its headers is an inefficient use of time and bandwidth.

Adjust `maybe_thumbnail` and dependencies to potentially take a
`pyvips.Source` which supports streaming data from S3 or disk.  This
allows making the ImageAttachment row, if deemed appropriate, based on
only a few KB of data, and not the entire image.
2024-09-17 12:51:30 -07:00
Alex Vandiver ef21dd9b99 thumbnail: Set a stable ordering on ImageAttachment rows for locking.
Failure to have a stable ordering can lead to deadlocks.
2024-09-17 09:14:52 -07:00
Johan Nilsson bf9cbe30a7 integrations: Add support for release events to GitLab integration. 2024-09-16 09:26:20 -07:00
sujal shah 614caf111e user_groups: Add `creator` and `date_created` field in user groups.
This commit introduced 'creator' and 'date_created'
fields in user groups, allowing users to view who
created the groups and when.

Both fields can be null for groups without creator data.
2024-09-13 18:44:58 -07:00
Vector73 0cd51f2fea settings: Remove `delete_own_message_policy` realm property.
Removed `delete_own_message_policy` realm property as the permission
to delete own messages is controlled by `can_delete_own_message_group`
setting.
2024-09-12 09:36:02 -07:00
Vector73 28c7a04734 settings: Add `can_delete_own_message_group` realm setting.
Added `can_delete_message_group` realm setting to replace
`delete_own_message_policy` property.
2024-09-12 09:36:02 -07:00
Sahil Batra 688c5ad0af groups: Allow excluding deactivated groups in 'GET /user_groups' response. 2024-09-11 09:43:56 -07:00
Sahil Batra fef2925ff0 mention: Handle mentioning deactivated user groups.
If someone tries to mention a deactivated user group,
then it is automatically converted to a silent mention
like we do for deactivated users.
2024-09-11 09:43:56 -07:00
Sahil Batra c1d6da0a5c user_groups: Update handling of deactivated groups.
We only allow updating name of a deactivated group, and not
allow updating description, members, subgroups and any setting
of a deactivated user group.

Deactivated user groups cannot be a a subgroup of any group
or used as a setting for a group.
2024-09-11 09:43:56 -07:00
Sahil Batra e1cfe61452 user_groups: Add API support for deactivating user groups. 2024-09-11 09:43:56 -07:00
Sahil Batra bef7cfe00f user_groups: Add deactivated field to NamedUserGroup model. 2024-09-11 09:43:56 -07:00
Sahil Batra f0c0eef8dc groups: Lock user group rows while using them for settings.
This is important to make sure that we handle cases when there
are two parallel requests - one for using a group for a setting
and one for deactivating the same group. This makes sure that
atleast one of the above task fails.
2024-09-11 09:43:56 -07:00
Mateusz Mandera a36f906d1a presence: Add history_limit_days param to the API.
This param allows clients to specify how much presence history they want
to fetch. Previously, the server always returned 14 days of history.
With the recent migration of the presence API to the much more efficient
system relying on incremental fetches via the last_update_id param added
in #29999, we can now afford to provide much more history to clients
that request it - as all that historical data will only be fetched once.

There are three endpoints involved:
- `/register` - this is the main useful endpoint for this, used by API
clients to fetch initial data and register an events queue. Clients can
pass the `presence_history_limit_days` param here.
- `/users/me/presence` - this endpoint is currently used by clients to
update their presence status and fetch incremental data, making the new
functionality not particularly useful here. However, we still add the
new `history_limit_days` param here, in case in the future clients
transition to using this also for the initial presence data fetch.
- `/` - used when opening the webapp. Naturally, params aren't passed
here, so the server just assumes a value from
`settings.PRESENCE_HISTORY_LIMIT_DAYS_FOR_WEB_APP` and returns
information about this default value in page_params.
2024-09-10 13:15:35 -07:00
Prakhar Pratyush e8349aa5d7 custom_email: Add manage_preferences block to the plaintext version.
Earlier, the content of the "manage_preferences" block that includes
the unsubscribe_link, personal settings link, etc was missing in the
plaintext version of the custom emails.

This commit updates the logic to include the manage_preferences block
content in the plaintext version.
2024-09-10 09:36:56 -07:00
Alex Vandiver 8bacdbc895 thumbnail: Put the original dimensions on spinner images.
This lets us reserve the right amount of space in the message feed
immediately.
2024-09-09 15:59:02 -07:00
Alex Vandiver 903bfb31e6 upload: Provide the frontend with the less-modified filename. 2024-09-09 12:40:17 -07:00
Alex Vandiver b4764f49df upload: Download files with their original names.
Fixes: #29491.
2024-09-09 12:40:17 -07:00
Alex Vandiver 933e3cb375 upload: Explicitly return a bool and the Attachment object. 2024-09-09 12:40:17 -07:00
Alex Vandiver 0b0a7fa251 attachments: Tighten type of validate_attachment_request_for_spectator_access. 2024-09-09 12:40:17 -07:00
Alex Vandiver ca72e756eb upload: Rename "upload_image_to_s3"; it is not only for images. 2024-09-09 12:40:17 -07:00
Lauryn Menard d431a5aad6 audit-log: Move user group event types to AuditLogEventType enum.
Event types moved: USER_GROUP_CREATED, USER_GROUP_DELETED
USER_GROUP_DIRECT_USER_MEMBERSHIP_ADDED,
USER_GROUP_DIRECT_USER_MEMBERSHIP_REMOVED,
USER_GROUP_DIRECT_SUBGROUP_MEMBERSHIP_ADDED,
USER_GROUP_DIRECT_SUBGROUP_MEMBERSHIP_REMOVED,
USER_GROUP_DIRECT_SUPERGROUP_MEMBERSHIP_ADDED,
USER_GROUP_DIRECT_SUPERGROUP_MEMBERSHIP_REMOVED,
USER_GROUP_NAME_CHANGED, USER_GROUP_DESCRIPTION_CHANGED,
USER_GROUP_GROUP_BASED_SETTING_CHANGED
2024-09-09 11:50:13 -07:00
Lauryn Menard df1e9093a9 audit-log: Move stream/channel event types to AuditLogEventType enum.
Renamed event types below in the enum class to use channel instead of
stream.

Event types moved: STREAM_CREATED, STREAM_DEACTIVATED, STREAM_NAME_CHANGED
STREAM_REACTIVATED, STREAM_MESSAGE_RETENTION_DAYS_CHANGED
STREAM_PROPERTY_CHANGED, STREAM_GROUP_BASED_SETTING_CHANGED
2024-09-09 11:50:13 -07:00
Lauryn Menard 10d161638e audit-log: Move subscription event types to AuditLogEventType enum.
Event types moved: SUBSCRIPTION_CREATED, SUBSCRIPTION_ACTIVATED,
SUBSCRIPTION_DEACTIVATED, SUBSCRIPTION_PROPERTY_CHANGED.
2024-09-09 11:50:13 -07:00
Lauryn Menard 56c8cbde1e audit-log: Move realm event types to AuditLogEventType enum.
Event types moved: REALM_CREATED, REALM_DEFAULT_USER_SETTINGS_CHANGED
REALM_ORG_TYPE_CHANGED, REALM_DOMAIN_ADDED, REALM_DOMAIN_CHANGED
REALM_DOMAIN_REMOVED, REALM_PLAYGROUND_ADDED, REALM_PLAYGROUND_REMOVED
REALM_LINKIFIER_ADDED, REALM_LINKIFIER_CHANGED, REALM_LINKIFIER_REMOVED
REALM_EMOJI_ADDED, REALM_EMOJI_REMOVED, REALM_LINKIFIERS_REORDERED
REALM_IMPORTED
2024-09-09 11:50:13 -07:00
Lauryn Menard d2c32f23db audit-log: Move realm event types to AuditLogEventType enum.
Event types moved: REALM_DEACTIVATED, REALM_REACTIVATED, REALM_SCRUBBED
REALM_PLAN_TYPE_CHANGED, REALM_LOGO_CHANGED, REALM_EXPORTED
REALM_PROPERTY_CHANGED, REALM_ICON_SOURCE_CHANGED, REALM_DISCOUNT_CHANGED
REALM_SPONSORSHIP_APPROVED, REALM_BILLING_MODALITY_CHANGED
REALM_REACTIVATION_EMAIL_SENT, REALM_SPONSORSHIP_PENDING_STATUS_CHANGED
REALM_SUBDOMAIN_CHANGED
2024-09-09 11:50:13 -07:00
Lauryn Menard caeeaf3c3f audit-log: Move user event types to AuditLogEventType enum.
Event types moved: USER_SOFT_ACTIVATED, USER_SOFT_DEACTIVATED
USER_PASSWORD_CHANGED, USER_AVATAR_SOURCE_CHANGED, USER_FULL_NAME_CHANGED
USER_EMAIL_CHANGED, USER_TERMS_OF_SERVICE_VERSION_CHANGED
USER_API_KEY_CHANGED, USER_BOT_OWNER_CHANGED,
USER_DEFAULT_SENDING_STREAM_CHANGED, USER_DEFAULT_REGISTER_STREAM_CHANGED
USER_DEFAULT_ALL_PUBLIC_STREAMS_CHANGED, USER_SETTING_CHANGED
USER_DIGEST_EMAIL_CREATED
2024-09-09 11:50:13 -07:00
Lauryn Menard e5daa3470f audit-log: Move user event types to AuditLogEventType enum.
Event types moved: USER_CREATED, USER_ACTIVATED, USER_DEACTIVATED
USER_REACTIVATED, USER_ROLE_CHANGED, USER_DELETED
USER_DELETED_PRESERVING_MESSAGES
2024-09-09 11:50:13 -07:00
joseph b0a20d2cae attachments: Return a list of removed attachments while editing.
Currently, we want to ask users if they would like to delete their
attachments after they have removed the attachments while editing. These
changes are preparatory changes on the backend to return a list of removed
attachments after the user has removed attachments while editing.

Fixes part of #25525.
2024-09-06 11:40:51 -07:00
Kenneth Rodrigues 1d580f143e endpoints: Modify comments mentioning has_request_variables and REQ. 2024-09-05 16:02:12 -07:00
Kenneth Rodrigues dc32396180 endpoints: Remove the has_request_variables decorator.
All endpoints have been migrated to the typed_endpoint decorator,
therefore the has_request_variables decorator and the REQ function are
no longer needed and have been removed.
2024-09-05 16:02:12 -07:00
Anders Kaseorg e3abd09e67 thumbnail: Fix corrupted email notifications due to HTML5 entities.
BeautifulSoup with formatter="html5" unnecessarily escapes many
characters with HTML5-specific entities that cannot be correctly
parsed by lxml during generation of email notifications.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-09-05 16:00:45 -07:00
Alex Vandiver cec0942b4b users: Allow zero-width-joiners in user names.
Partially fixes: #20128.
2024-09-03 16:34:55 -07:00
Anders Kaseorg 91ade25ba3 python: Simplify with str.removeprefix, str.removesuffix.
These are available in Python ≥ 3.9.
https://docs.python.org/3/library/stdtypes.html#str.removeprefix

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-09-03 12:30:16 -07:00
Alya Abbott d7761f7163 help: Add a guide on moving to Zulip. 2024-09-01 16:16:04 -07:00
Alya Abbott 7df0db142b help: Document how to invite users in imported organizations. 2024-09-01 16:16:04 -07:00
bedo 3da91e951c auth: Migrate to @typed_endpoint.
Since this is the last has_request_variables endpoint outside tests,
more test_openapi code needs to be deleted in this transition.
2024-08-30 16:56:14 -07:00
Prakhar Pratyush 656c65c74c edit_history: Remove 'prev_rendered_content_version' field.
This commit removes the 'prev_rendered_content_version'
field from:

* the 'edit_history' object within message objects in the
API response of `GET /messages`, `GET /messages/{message_id}`
and `POST /zulip-outgoing-webhook`.
* the 'update_message' event type

as it is an internal server implementation detail not used
by any client.

Note: The field is still stored in the 'edit_history' column
of the 'Message' table as it will be helpful when making
major changes to the markup rendering process.
2024-08-29 15:37:12 -07:00
Alex Vandiver 0c07c6531c thumbnail: Enqueue thumbnails when we render a spinner.
Thumbnails are usually enqueued in the worker when the image is
uploaded.  However, for images which were uploaded before the
existence of the thumbnailing worker, and whose metadata was
backfilled (see previous commit) this leaves a permanent spinner,
since nothing triggers the thumbnail worker for them.

Enqueue a thumbnail worker for every spinner which we render into
Markdown.  This ensures that _something_ is attempting to resolve the
spinner which the user sees.  In the case of freshly-uploaded images
which are still in the queue, this results in a duplicate entry in the
thumbnailing queue -- this is harmless, since the worker determines
that all of the thumbnails we need have already been generated, and it
does no further work.  However, in the case of historical uploads, it
properly kicks off the thumbnailing process and results in a
subsequent message update to include the freshly-generated thumbnail.

While specifically useful for backfilled uploads, this is also
generally a good safety step for a good user experience, as it also
prevents dropped events in the queue from unknown causes from leaving
perpetual spinners in the message feed.

Because `get_user_upload_previews` is potentially called twice for
every message with spinners (see 6f20c15ae9), we add an additional
flag to `get_user_upload_previews` to suppress a _second_ event from
being enqueued for every spinner generated.
2024-08-29 12:11:51 -07:00
Lauryn Menard 8ace23ffa9 docs: Update help center links for stream to channel rename.
Fixes the URLRedirects for "help/about-streams-and-topics" and
"help/streams-and-topics" to go to "/help/introduction-to-topics"
since "help/channels-and-topics" has been redirected to that URL.
2024-08-27 13:30:28 -07:00