Commit Graph

60919 Commits

Author SHA1 Message Date
Shubham Padia b7764eb6f0 settings: Remove user_group_edit_policy from the frontend. 2024-10-01 17:35:14 -07:00
Shubham Padia f0b9d610a5 settings: Use `can_manage_all_groups` to control who can manage groups.
We also add the exception for the group creator to be able to edit their
group in this commit. This exception was added in the backend in earlier
commits.
2024-10-01 17:35:14 -07:00
Shubham Padia 6e9d56eaf4 user_groups: Check permission to manage groups based on group setting.
We also add exception for the group creator to manage groups. See
https://chat.zulip.org/#narrow/stream/3-backend/topic/Group.20creation.20-.20who.20can.20change.20the.20setting.2E/near/1943861
for more details. For the tests, wherever possible, we've just added an
acting_user when creating a group to test.
We've also added an acting_user argument to create_user_group_for_test.
We will not remove `user_group_edit_policy` yet. That will be removed
once we have introduced this setting to the frontend.
2024-10-01 17:35:14 -07:00
Shubham Padia 91953eca28 realm: Only owners should be able to configure `can_manage_all_groups`. 2024-10-01 17:35:14 -07:00
Shubham Padia 2b6414acfb settings: Add can_manage_all_groups setting to realm.
This commit does not add the logic of using this setting to actually
check the permission on the backend. That will be done in a later
commit.
Only owners can modify this setting, but we will add that logic in a
later commit in order to keep changes in this commit minimal.
Adding the setting breaks the frontend, since the frontend tries to find
a dropdown widget for the setting automatically. To avoid this, we've
added a small temporary if statement to `settings_org.js`.
Although, most lists where we insert this setting follow an unofficial
alphabetical order, `can_manage_all_groups` has been bunched together
with `can_create_groups` since keeping those similar settings together
would be nicer when checking any code related to creating/managing a
user group.
2024-10-01 17:35:14 -07:00
Shubham Padia a9e14a184c settings: Use `can_create_groups` to control who can create user groups. 2024-10-01 17:35:14 -07:00
Shubham Padia 17276e95a1 dropdown_widget: Allow passing is_setting_disabled in the template.
This is a preparatory commit to allow disabling
dropdown_widget_with_label for `can_create_groups` and
`can_manage_all_groups` for non-owners.
2024-10-01 17:35:14 -07:00
Shubham Padia 16389a2ab5 user_groups: Check permission to create groups based on group setting.
We will not remove `user_group_edit_policy` yet. That will be removed
once we have introduced a user group setting to manage edit permissions
to groups.
2024-10-01 17:35:14 -07:00
Shubham Padia 4a1b67804f realm: Default can_create_groups to moderators for education realms. 2024-10-01 17:35:14 -07:00
Shubham Padia d7d03628d0 realm: Only owners should be able to configure `can_create_groups`.
We might introduce a generic testing function similar to
do_test_changing_settings_by_owners_only later, but not right now, since
there is only 1 setting at the moment needing that test.
2024-10-01 17:35:14 -07:00
Shubham Padia fc46673f23 settings: Add can_create_groups setting to realm.
This commit does not add the logic of using this setting to actually
check the permission on the backend. That will be done in a later
commit.

Adding the setting breaks the frontend, since the frontend tries to find
a dropdown widget for the setting automatically. To avoid this, we've
added a small temporary if statement to `settings_org.js`.
2024-10-01 17:35:14 -07:00
Alya Abbott 2798b64b09 contributor docs: Clarify how to ask for an issue to be assigned. 2024-10-01 17:01:53 -07:00
Vector73 66113365a5 saved_snippets: Add new feature for saved snippets.
Fixes #31227.
2024-10-01 11:48:15 -07:00
Lauryn Menard 8301dcd421 compose-recipients: Resize compose box text area for placeholder.
When adding or removing recipients for a direct message, the
placeholder text may cause a change in the size of the compose box,
so this adds a call to `compose_ui.autosize_textarea` when setting
that placeholder attribute.
2024-10-01 10:29:16 -07:00
Lauryn Menard 4283207f6f help-relative: Add option for "Not subscribed" tab of channels overlay.
Updates the relative help link for "Browse and subscribe to channels"
in help center "Introduction to channels" article.

Fixes #31605.
2024-10-01 10:28:30 -07:00
Tim Abbott 2f8e2f77aa user_group_edit: Fix use of stream in user-facing string. 2024-10-01 10:25:59 -07:00
sanchi-t 84f9765b18 css: Remove non-existent class selctor. 2024-10-01 10:24:16 -07:00
sanchi-t 0f506eaf91 css: Refactor theme colors for `kbd`.
This change moves the light and dark theme colors for `kbd` to
CSS variables.
2024-10-01 10:24:16 -07:00
bao-qian d4b30e9e9d backup: Dereference symlinks when building tarball.
In docker-zulip installs, /etc/zulip/zulip.conf,
/etc/zulip/zulip-secrets.conf, and /home/zulip/uploads are all
symlinks into the `/data` directory which is mounted as a Docker
Volume.  By default, `tar` does not dereference symlinks, leading to
backups that are missing these critical pieces.

Add `-h` to the `tar` invocation, to follow symlinks, so backups in
Docker have all of their pieces.  Since none of the contents of the
backup intentionally use symlinks, this is safe.

Co-authored-by: Alex Vandiver <alexmv@zulip.com>
2024-10-01 09:51:54 -07:00
Sahil Batra f97da983cf user_groups: Handle inaccessible streams in group deactivation error.
If the user group being deactivated is used as a setting for a stream
which cannot be accessed by the user trying to deactivate the group,
we show "Unknown stream" in the banner mentioning where the group
is used.
2024-10-01 09:45:37 -07:00
Sahil Batra 58ab97a0b4 user_groups: Show details for group deactivation error.
This commit adds code to list the groups and streams
where the group is being used as settings in a banner.

The banner also mentions if the group is being used for
realm settings.
2024-10-01 09:45:37 -07:00
Sahil Batra b8a039ee99 user_groups: Include settings and supergroups in error response.
The error response when a user group cannot be deactivated due
to it being used as a subgroup or for a setting includes details
about the supergroups, streams, user groups as well the settings
for which it is used.
2024-10-01 09:45:33 -07:00
sanchi-t 19ba94b946 css: Refactor theme colors for `app_components`.
This change moves the light and dark theme colors for
`app_components` to CSS variables.
2024-10-01 09:41:22 -07:00
sanchi-t a8e809e63f css: Refactor theme colors for `.table-striped`.
This change moves the light and dark theme colors for
`.table-striped` to CSS variables.
2024-10-01 09:40:47 -07:00
sanchi-t 72971cda8e css: Refactor theme colors for `.demo-organization-warning`.
This change moves the light and dark theme colors for
`.demo-organization-warning` to CSS variables.
2024-10-01 09:40:47 -07:00
Sahil Batra c1973d2263 user_groups: Add access_user_group_to_read_membership.
This commit adds access_user_group_to_read_membership function
so that we can avoid calling get_user_group_by_id_in_realm with
"for_read=True" from views functions, which is better for security
since that function does not do any access checks.
2024-10-01 09:36:01 -07:00
Tim Abbott 096fea48a0 user_groups: Add docstrings for several functions. 2024-09-30 18:42:14 -07:00
Sahil Batra b554106e6d user_groups: Allow members of subgroups to manage group.
Previously, if the user_group_edit_policy was set to allow
members or full members to manage the group, the user had
to be the direct member of the group being managed.

This commit updates the code to allow members of the subgroups
as well to manage the group as technically members of the
subgroups are member of the group.

This also improves the code to not fetch all the group members
to check this, and instead directly call is_user_in_group
which uses "exists" to check it.
2024-09-30 18:42:14 -07:00
Sahil Batra 233775d257 user_groups: Rename has_user_group_access.
This commit renames has_user_group_access function to
has_user_group_access_for_subgroup, since the function
is only used to check access for using a group as subgroup.
2024-09-30 18:42:14 -07:00
Sahil Batra 0c89621fa6 user_groups: Refactor code to check permissions.
This commit refactors the code to check permission for
accessing user group in such a way that we can avoid
duplicate code in future when we will have different
settings controlling the permissions for editing group
details and settings, joining the group, adding others
to group, etc.
2024-09-30 18:42:14 -07:00
evykassirer 9ba6c18e3a reload: Only add stream_id if it's defined.
This isn't a bug fix, but it does clean up the code. `reload_setup`
only uses the `stream_id` if it can parse it as an integer and
otherwise falls back to `undefined`, so it makes more sense to not
include undefined stream ids.
2024-09-30 17:48:17 -07:00
Shubham Padia 7a0a71b7d1 message_edit: Use display: grid instead of relative positioning.
Fixes #31750.
The control buttons of the edit box were flickering b/w default cursor
and pointer cursor after c1d155d923.
The addition of `position: relative` to `.edit-content-container` was
causing that. We've now added a div to apply position:relative to, this
div does not have any edit controls in it's children.
2024-09-30 17:40:37 -07:00
evykassirer 261f01ede8 input_pill: Highlight previous pill after backspace deletion.
This is helpful for when a user wants to delete multiple pills
in a row, now that a pill needs to be highlighted before it can
be deleted.

It makes more sense intuitively for the previous pill to be selected
after backspace, since the direction of deletion is backwards. We
still potentially focus next() if there is no previous pill, which
is most helpful when the input element has no more pills left, since
this focuses the text field.
2024-09-30 16:37:12 -07:00
evykassirer 6e85fa8fcc input_pill: Highlight/focus pill before removing it.
Select the pill on the first backspace and delete the whole pill on
the second backspace. If the pill is already highlighted from
left-pressing, then backspace would delete it right away.

We're making this change because it can be quite annoying to
re-type out a pill that's accidentally deleted, and users might
think pills are editable and accidentally delete the whole thing
with a backspace stroke.
2024-09-30 16:37:12 -07:00
evykassirer f5be62f60d buddy_list: Include offline users in participants list for large orgs. 2024-09-30 16:35:13 -07:00
evykassirer 38e5b4b8fc buddy_list: Show conversation participants in the right sidebar.
Fixes #31129.
2024-09-30 16:35:13 -07:00
evykassirer 12033d6690 message_view_header: Add blueslip logging for undefined sub.
To try to figure out why this is happening:
https://chat.zulip.org/#narrow/stream/464-kandra-js-errors/topic/Error.3A.20Failed.20to.20process.20an.20event
2024-09-30 16:32:03 -07:00
Anders Kaseorg 2440c6d244 electron_bridge: Harden against hypothetical DOM clobbering attacks.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-09-30 16:31:27 -07:00
Alya Abbott 6701d0c068 help: Update instructions to mark messages as read. 2024-09-30 16:29:59 -07:00
Anders Kaseorg b0653d1ea4 uploaded_files_list: Fix id pollution.
The HTML id attribute is supposed to be globally unique; it’s not an
appropriate place to store a user-controlled string, or to identify
part of a component that’s rendered more than once.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-09-30 14:15:31 -07:00
Karl Stolley 762617e23f left_sidebar: Add hover styles for action headings. 2024-09-30 13:38:33 -07:00
Karl Stolley 04f6082dfb left_sidebar: Add color for collapsed nav item hover. 2024-09-30 13:38:33 -07:00
Karl Stolley f73e39c63d sidebars: Restyle vdots icon colors and hover states. 2024-09-30 13:38:33 -07:00
Karl Stolley 872a1e64a6 left_sidebar: Add hover effects for section headings. 2024-09-30 13:38:33 -07:00
Karl Stolley 8c54c1df3e sidebars: Add active and hover sidebar-row styles. 2024-09-30 13:38:33 -07:00
Karl Stolley 1d4f282cbd sidebars: Present neutral and active sidebar-row states. 2024-09-30 13:38:33 -07:00
evykassirer 471d042a11 message_notifications: Convert module to typescript. 2024-09-30 12:07:27 -07:00
evykassirer 6c390551de unread: Remove useless message_unread function. 2024-09-30 12:07:27 -07:00
evykassirer 4215c9d707 message_notifications: Check if NotificationAPI is undefined.
`window.Notification` can be `undefined` in iOS Safari.
https://bugs.webkit.org/show_bug.cgi?id=247315

This hasn't caused any known bugs, but it's better to catch
this case with an undefined check than to assert it's defined
when we convert this file to typescript.
2024-09-30 12:07:27 -07:00
Mateusz Mandera 06fa99e87c do_change_user_delivery_email: Add acting_user kwarg.
This is standard for our do_change_... functions.
2024-09-30 12:00:14 -07:00