We also add the exception for the group creator to be able to edit their
group in this commit. This exception was added in the backend in earlier
commits.
This commit does not add the logic of using this setting to actually
check the permission on the backend. That will be done in a later
commit.
Only owners can modify this setting, but we will add that logic in a
later commit in order to keep changes in this commit minimal.
Adding the setting breaks the frontend, since the frontend tries to find
a dropdown widget for the setting automatically. To avoid this, we've
added a small temporary if statement to `settings_org.js`.
Although, most lists where we insert this setting follow an unofficial
alphabetical order, `can_manage_all_groups` has been bunched together
with `can_create_groups` since keeping those similar settings together
would be nicer when checking any code related to creating/managing a
user group.
We will not remove `user_group_edit_policy` yet. That will be removed
once we have introduced a user group setting to manage edit permissions
to groups.
We might introduce a generic testing function similar to
do_test_changing_settings_by_owners_only later, but not right now, since
there is only 1 setting at the moment needing that test.
This commit does not add the logic of using this setting to actually
check the permission on the backend. That will be done in a later
commit.
Adding the setting breaks the frontend, since the frontend tries to find
a dropdown widget for the setting automatically. To avoid this, we've
added a small temporary if statement to `settings_org.js`.
When adding or removing recipients for a direct message, the
placeholder text may cause a change in the size of the compose box,
so this adds a call to `compose_ui.autosize_textarea` when setting
that placeholder attribute.
In docker-zulip installs, /etc/zulip/zulip.conf,
/etc/zulip/zulip-secrets.conf, and /home/zulip/uploads are all
symlinks into the `/data` directory which is mounted as a Docker
Volume. By default, `tar` does not dereference symlinks, leading to
backups that are missing these critical pieces.
Add `-h` to the `tar` invocation, to follow symlinks, so backups in
Docker have all of their pieces. Since none of the contents of the
backup intentionally use symlinks, this is safe.
Co-authored-by: Alex Vandiver <alexmv@zulip.com>
If the user group being deactivated is used as a setting for a stream
which cannot be accessed by the user trying to deactivate the group,
we show "Unknown stream" in the banner mentioning where the group
is used.
This commit adds code to list the groups and streams
where the group is being used as settings in a banner.
The banner also mentions if the group is being used for
realm settings.
The error response when a user group cannot be deactivated due
to it being used as a subgroup or for a setting includes details
about the supergroups, streams, user groups as well the settings
for which it is used.
This commit adds access_user_group_to_read_membership function
so that we can avoid calling get_user_group_by_id_in_realm with
"for_read=True" from views functions, which is better for security
since that function does not do any access checks.
Previously, if the user_group_edit_policy was set to allow
members or full members to manage the group, the user had
to be the direct member of the group being managed.
This commit updates the code to allow members of the subgroups
as well to manage the group as technically members of the
subgroups are member of the group.
This also improves the code to not fetch all the group members
to check this, and instead directly call is_user_in_group
which uses "exists" to check it.
This commit renames has_user_group_access function to
has_user_group_access_for_subgroup, since the function
is only used to check access for using a group as subgroup.
This commit refactors the code to check permission for
accessing user group in such a way that we can avoid
duplicate code in future when we will have different
settings controlling the permissions for editing group
details and settings, joining the group, adding others
to group, etc.
This isn't a bug fix, but it does clean up the code. `reload_setup`
only uses the `stream_id` if it can parse it as an integer and
otherwise falls back to `undefined`, so it makes more sense to not
include undefined stream ids.
Fixes#31750.
The control buttons of the edit box were flickering b/w default cursor
and pointer cursor after c1d155d923.
The addition of `position: relative` to `.edit-content-container` was
causing that. We've now added a div to apply position:relative to, this
div does not have any edit controls in it's children.
This is helpful for when a user wants to delete multiple pills
in a row, now that a pill needs to be highlighted before it can
be deleted.
It makes more sense intuitively for the previous pill to be selected
after backspace, since the direction of deletion is backwards. We
still potentially focus next() if there is no previous pill, which
is most helpful when the input element has no more pills left, since
this focuses the text field.
Select the pill on the first backspace and delete the whole pill on
the second backspace. If the pill is already highlighted from
left-pressing, then backspace would delete it right away.
We're making this change because it can be quite annoying to
re-type out a pill that's accidentally deleted, and users might
think pills are editable and accidentally delete the whole thing
with a backspace stroke.
The HTML id attribute is supposed to be globally unique; it’s not an
appropriate place to store a user-controlled string, or to identify
part of a component that’s rendered more than once.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
`window.Notification` can be `undefined` in iOS Safari.
https://bugs.webkit.org/show_bug.cgi?id=247315
This hasn't caused any known bugs, but it's better to catch
this case with an undefined check than to assert it's defined
when we convert this file to typescript.