It's always better to use the user ID than the email for fetching data
about an object whose unique ID we have, which should be all of them.
And it's also cleaner code to use the standard people.js method; tabbott
checked that indeed all callers get their `user` objects from `people.js`.
Since we restrict spectators from having access to avatars using
email to avoid someone brute forcing a user's email, this removes
a 401 response from the server in spectator view when trying
to open user info popover.
Additionally, this fixes the cached-fetching behavior documented in
the comments we add about the way we construct URLs.
Add `escape_navigates_to_default_view` as a bool setting in
UserBaseSettings model and implement it as a checkbox that toggles
the hotkey implementation of escape to the default view in the
advanced user display settings.
With /help/ documentation edits from Alya Abbott.
Fixes#20043.
User-supplied custom realm filter has had some sort of regex-based
validation of the format URL since their introduction in
d7e1e4a2c0 -- and this has always been
in addition to the URLValidator. The URLValidator is the one which
does the security-relevant work of validating that the schema is
reasonable, and that the overall shape of the URL is well-formed. The
regex has served primarily to arbitrary limit the characters that can
appear in the URL, in the mistaken name of safety.
Adjust the regex, such that its only purpose is to verify that the
usages of `%` characters in the URL are reasonable, and leave the URL
validation to the URLValidator, which can do a far better job. This
includes broadening the support to include `%%` as an escape
character; this is likely such a niche case as to be unnecessary, but
costs little.
Fixes#16013.
Removes the `/day` and `/night` options from the typeahead menu while
still allowing the commands to be used. Typing `/day` and `/night`
will now suggest `/light` and `/dark`, respectively. Also changes the
`Dark mode` and `Light mode` popups that appear after using the
corresponding command.
Fixes#18318.
The previous code has a lot of code unrelated to mock_template.
So, this commit replaces it with a better example which also
demonstrates how to test conditionals in templates.
Translation handlebars helpers were not getting changed when we
mock static/js/i18n.ts and then unmock it in a different test.
We mock i18n.ts for every test except node_tests/i18n.js.
So, running any code that calls the registered handlebar
helpers related to translations before running i18n test
will run the helper functions registered with mocked i18n module.
The subsequent tests too would use those functions registered
with mocked i18n module.
This causes the i18n test to fail as we expect the registered
helpers to use actual i18n.ts instead of a mock if we have
code that would call the registered translation helpers in
tests that run before i18n.
Previously, on receiving udpate event of realm-level default setting,
we updated the whole page, but this might be problematic now in case
where user has edited settings in two subsections with save/discard
button still present and if user clicks on save button of one
subsection then the setting in other subsection also resets to its
original value as whole page is updated.
So, this commit changes the behavior to only update the changed
setting and not affecting other settings similar to what we do
in 'Organization settings' and 'Organization permissions' sections.
We also do not call 'settings_display.report_emojiset_change' when
realm-level default of emojiset setting is updated because we now
uses save/discard widget.
We use 'admin-realm-form' class as selector in save-discard click
handlers instead of 'organization' which includes all the organization
settings sections, but save/discard widget is used only for some
sections and all of them are inside the form with class 'admin-realm-form'.
This will also help us to avoid code duplication when changing the realm
level defaults section to use save-discard widget.
Move the password tracking variables from setup to channel module.
Track password_change requests in channel.
Directly use xhr object to store `password_changes` information.
Tests modified to accomodote this change by converting strings to
objects.
Zulip attempts to validate that the regular expressions that admins
enter for linkifiers are well-formatted, and only contain a specific
subset of regex grammar. The process of checking these
properties (via a regex!) can cause denial-of-service via
backtracking.
Furthermore, this validation itself does not prevent the creation of
linkifiers which themselves cause denial-of-service when they are
executed. As the validator accepts literally anything inside of a
`(?P<word>...)` block, any quadratic backtracking expression can be
hidden therein.
Switch user-provided linkifier patterns to be matched in the Markdown
processor by the `re2` library, which is guaranteed constant-time.
This somewhat limits the possible features of the regular
expression (notably, look-head and -behind, and back-references);
however, these features had never been advertised as working in the
context of linkifiers.
A migration removes any existing linkifiers which would not function
under re2, after printing them for posterity during the upgrade; they
are unlikely to be common, and are impossible to fix automatically.
The denial-of-service in the linkifier validator was discovered by
@erik-krogh and @yoff, as GHSL-2021-118.
Also added a waitFor for the modal to disappear and removed
waitFor for the spinner to hide which would obviously be hidden
with modal and it also doesn't add much value.
For text that already has the formatting that the user is
trying to apply, we undo the formatting. This gives a nice
experience of applying and removing the formatting from text
on the same button press.
Users wanted a feature where they could specify
which users can create public streams and which users can
create private streams.
This splits stream creation code into two parts,
public and private stream creation.
Fixes#17009.
This commit replaces 'allow_message_deleting' boolean setting
with an integer setting 'delete_own_message_policy'. We have a
separate dropdown now for deciding which user-roles can delete
messages sent by themselves and the time-limit setting droddown
is different.
This new setting has two options - everyone and admins only. Other
options including moderators will be added further.
We also remove the "Never" option from the original time-limit
dropdown, as admins are always allowed to delete message. This
never option resembled the case of only admins being allowed to
delete but this state is now resembled by setting the dropdown
to "admins only" and we also disable the time-limit dropdown in
this case as admins are allowed to delete irrespective of limit.
Note, this setting is only for deleting messages sent by the
deleting user themselves, and only admins are allowed to delete
messages sent by others as before.
We make zero invalid value for message_content_delete_limit_seconds and
for handling the case of "Allow to delete message any time", the API-level
value of message_content_delete_limit_seconds is "anytime" and "None"
as the DB-level value. We also use these values for message retention
setting, so it helps maintain consistency.
This commit removes the existing default_twenty_four_hour_time field in
Realm table which was used to set the twenty_four_hour_time setting of
new user on joining and instead we now use the twenty_four_hour_time
field of RealmUserDefault table for the same.
With some tweaks by tabbott to clarify the documentation.
We will add realm-level defaults of notification settings in
further commits which will result in two elements with same
class. So, this commit specifies container element id along
with the class of setting element to make sure that we wait
for the correct element.
We pass user_settings object to all_notifications and
get_notifications_table_row_data such that we can use these
functions for realm-level settings also.
We do not have any system user groups as of
now, but this commit is just a prep commit
to prevent any change in user-facing pages
to avoid confusion till this feature is
completed.
This change was initially made in 6117c38,
but it was reverted in 1543775a due to merge
conflicts with the typescript migration of
user_groups.js.
This commit adds code for live-updating the realm-level default
settings page which contains only display settings as of now.
This commit also adds realm_user_settings_defaults object to
zpage_params so that we can write the tests.
This commit changes the behavior of how we show
animated emojis in the buddy list. We now show still
image of animated emoji and when hovered show the
animated emoji.
Fixes#19521
This commit displays a banner at the top for demo orgs letting the
user know that the org will be automatically deleted in the
specified number of days. The alerts are prioritized as follows:
- If there are <=7 days left till deletion, the alert is prioritized
above desktop notification queries and is colored red.
- If there are more then 7 days left till deletion, the alert is
prioritized below desktop notification queries.
This is a part of #19523.
We change the label of various organization settings
to specify moderators.
Labels for 'admins only', 'admins and moderators'
and 'nobody' are still same.
The updated labels are -
- 'Admins, moderators and full members'
- 'Admins, moderators and members'
- 'Admins, moderators, members and guests'
These options will be replaced by user groups in
future but this is an intermediate fix.
Fixes#19562.
This test was `assert`ing the draft is not getting cleared
as soon as sending, which is desired behaviour to some extent
because we don't want to delete it until we receive a confirmation
from the server, but given the right amount of delay (or very
low network latency), the draft will be cleared. This inconsistency
was causing failures.
We could better test this with a node test. A node test was
already added in #18827.
We are renaming stream to stream_name in formatted draft object
just to be more explicit and be clear that we are storing that
stream name in this variable.
This commit changes snapshot_message to store stream_id for
drafts along with stream names. The stream_id field is
undefined if draft is for empty or invalid stream name.
After this change:
- If draft has a valid stream_id stored and it maps to
a stream, then we display the stream name from the
obtained stream object.
- If draft.stream_id is undefined or doesn't map to a stream,
then we display the name stored in draft.stream, which can
be invalid (no stream of this name existed ever), can be
empty and can also be name of a deactivated stream.
This change helps us to show correct stream-name for drafts
in case of renaming a stream.
Fixes#15155.
Along with the extraction, we do some simplifications of inserting
text in compose too. This same function can now be used in
compose formatting popover too.
We use "text-field-edit", which has good cross-browser `undo` /
`redo` support, to do the text replace for us instead of writing
that logic ourselves.
Before this commit, the message or any draft is deleted as soon
as the compose box is closed. So, it removes that by removing
delete_active_drafts and instead this commit will add the deletion
process of drafts in reify_message_id that is called when a
message is successfully sent and received.
Now, see there are two types of messages, one that are locally
echoed and the second ones are that aren't locally echoed but
sent directly to server. This commit only saves the message in
draft if it is locally echoed as they are the only messages
that show message failed in message list. The non locally echoed
ones aren't remove from the compose box until they are
successfully sent. Now as the draft-id is stored in the message
data for locally echoed messages, as they are echoed from the
server, they are deleted using that draft-id.
This also adds node tests for echo reify_message_id for testing
this feature that this commit is adding.
Fixes#17697
This will be used to check if the narrow being requested by
spectator requires authentication without requesting the server.
Having this check locally, makes this process look snappy to
the user and doesn't result in 404s in the browser log.
For spectators, without sending any request to the server,
check locally if the hash requires authentication or which
shows a feature that requires authentication;
if it does, we show login_to_access modal to the user.
This was originally meant to fix the emoji mapping conflict during a
Slack import. In Slack, 🎉 and ㊗️ have different
symbols, but they both map to 🎉 in Zulip prior to this commit.
㊗️ now refers to the Japanese character version, as is
observed in Matrix and Slack.
I expand the fix to include all other Japanese characters. Matrix.org
and Slack already have those characters in their symbol section, and so
this is to reach feature parity.
See the discussion thread in https://chat.zulip.org/#narrow/stream/9-issues/topic/duplicate.20emoji.20in.20data.20import
We rename class of notification settings except checkboxes
by prefixing them with 'setting_' for clarity.
We do not change class of checkboxes because settings_checkbox
is used by other templates also and if we only change class
of those using notification_settings_checkboxes then live
update code will break and will need to add separate condition
for differentiating between which partial template is used.
This is a prep commit for adding UI for realm-level default
of user settings. We refactor the code to use classes
instead of ids such that we can use the common code for the
new settings.
We add a prefix to id of default_language_modal.hbs
such that we can use the same code for user settings
and realm-level settings.
We also add a class "default_language_modal" to the
modal div to avoid duplicate css.
This is a prep commit for adding UI for realm-level
default of user settings. We refactor the code to use
classes instead of ids such that we can use the common
code for the new settings.
Our typeahead system is very sensitive, a simple internal
focus can hide it. This leads to occasional failure on the
puppeteer test.
This commit tries to solve it by clicking via javascript
instead of manual puppeteer click.
We now use the newly added "user_settings" event in the frontend
code instead of previous "update_global_notifications" and
"update_display_settings" events which are now depreceated.
Return zulip_merge_base alongside zulip_version
in `/register`, `/event` and `/server_settings`
endpoint so that the value can be used by other
clients.
As the right sidebar re-renders many times, often the
element puppeteer selected becomes stale, to avoid this
issue we are using javascript to click on the element.
This commit also ensures that the set user status modal
is completely open before we start clicking.
This reverts commit 5e97ec9ad9.
This change has been pretty confusing for users, and so we need to do
something more in order to make the UI acceptable to change this
default.
This commit moves the warn_if_private_stream_is_linked,
needs_subscribe_warning, and warn_if_mentioning_unsubscribed_user
to compose_validate.js from compose.js.
These warning functions are very naturally part of the compose box
validation system, though they're a bit different in being called from
the typeahead codebase.
Part of splitting compose.js into more natural modules.
This commit enhances our Multiselect dropdown list widget by
displaying a tippy tooltip over the dropdown button once it's
text changes to `n selected` where n is the number of items
selected by user which exceeds the limit passed.
It essentially helps the user to identify the dropdown items they
have selected by just hovering over the dropdown toggle button.
This commit adds the support to select multiple dropdown items by inheriting
dropdown list widget and overriding some of it's properties.
The parameters that can be passed along with it are-
- widget_name: The desired name of the widget.
- data: The data that needs to be populated as dropdown items.
- default_text: The default text to be rendered when none of the items is selected.
- on_update: Function to trigger once the filter button is pressed.
- on_close: Function to trigger once the dropdown is successfully closed after filtering.
- value: The default value that is initially selected by user.
- limit: The maximum number of dropdown items to display on button text.
This widget can later be implemented in recent topic view to replace the
several ellipses filter button and also within the organisation user's page
to quickly sort the users list according to their org role.
This is a prep commit for adding the support of Multiselect
dropdown list widget by prototypal inheritance.
The following change actually revamps the dropdown list widget
into a constructor function, due to which the widget is now to
be initialized with the `new` keyword (which adds a property
to __proto__ object that links to the constructor function's
prototype object).
Example-
const foo = new DropdownListWidget({....});
Due to the above change, this commit also modifies the declaration
of dropdown_list_widget across all our instances.
This commit improves the approach to click on the menu
icon on the right sidebar. It'd first hover on the list
instead of the menu to avoid the occasional "HTML node
not present" error. As menu icon our only visible when
we hover over the item.
In this commit, we only update the existing architecture
to support the status emoji feature:
* We add the `user_status_emoji_info` map so we can
keep track of the users' staus emoji.
* Listen to the server event to update/set the
`user_status_emoji_info` map.
* Add `status_emoji_info` field, when getting user's data.
This commit replaces boolean field add_emoji_by_admins_only with an
integer field add_custom_emoji_policy as we would also add full members
and moderators option for this setting in further commits.
This commit moves "enter_sends" setting to property_types dict.
With this change, changing enter_sends setting also sends an
event of type "update_display_settings" and thus enables us
to live-update the UI.