Commit Graph

42180 Commits

Author SHA1 Message Date
Mateusz Mandera ccfcc186ad subs: Fix subscriber_..._history_access to not exclude subbed guests.
Guests are supposed to have stream history access to public streams
they're subscribed to.
2021-04-19 10:10:51 -07:00
Mateusz Mandera 68d1f2d7ef streams: Add realm check in can_access_stream_history.
The caller is supposed validate the stream and user realm match, but
since this is a security-sensitive function, we should have this
defensive code to protect against some validation bugs in the caller
leading to this being called incorrectly and returning True.
2021-04-19 10:10:51 -07:00
Mateusz Mandera f5c4005f8a actions: Fix some lists incorrectly named "subscribers".
These contain subscriptions, not subscribers.
2021-04-19 10:10:51 -07:00
Mateusz Mandera 4e26a9e9d6 subs: Fix codepaths incorrectly fetching subs of deactivated users.
Fixes #17922.

These two places fetch subscriptions for the sake of getting user ids to
send events to. Clearly deactivated users should be excluded from that.
2021-04-19 10:10:51 -07:00
Mateusz Mandera 50bfbb588e subs: Allow filtering by is_user_active in get_active_subscriptions.
get_active_subscriptions_for_stream_id should allow specifying whether
subscriptions of deactivated users should be included in the result.
Active subs of deactivated users are  a subtlety that's easy to miss
when writing relevant code, so we make include_deactivated_users a
mandatory kwarg - this will force callers to definitely give thought to
whether such subs should be included or not.

This commit is just a refactoring, we keep original behavior everywhere
- there are places where subs of deactivates users should probably be
excluded but aren't - we don't fix that here, it'll be addressed in
follow-up commits.
2021-04-19 10:10:51 -07:00
aryanshridhar efc63ae7ce templates: Fix email input field within reset.html.
Earlier, the email label tag was dislocated with respect to
it's input field, causing the UI to be disorganized.

Rectified by moving the label tag above the email input field
and added placeholder value to the field.
2021-04-19 10:00:20 -07:00
Wesley Aptekar-Cassels da0c616b69 shared: Move PollData into shared. 2021-04-19 06:34:08 -04:00
Wesley Aptekar-Cassels 42f328fec6 PollData: Pass in function for rendering user names.
This will make it easier to share this code with the mobile app, which
does not use people.js.
2021-04-19 06:34:08 -04:00
Wesley Aptekar-Cassels 331927bbbe PollData: Use options object, rather than positional args. 2021-04-19 06:34:08 -04:00
Wesley Aptekar-Cassels bef67d7bf1 PollData: Pass in current user ID.
This will make it easier to share this code with the mobile codebase,
which does not use the people.js logic.
2021-04-19 06:34:08 -04:00
Wesley Aptekar-Cassels 7718d2b137 PollData: Change error reporting to be generic.
This is in preparation for moving this code to @zulip/shared for use in
the mobile app, where we will want to use Sentry for reporting errors,
rather than blueslip.

The way I've done this only allows for reporting one type of error
(currently, blueslip.warn), but seeing as we only have one place we
report an error, that seems like something we can fix if we want more
error levels at a later date.
2021-04-19 06:34:08 -04:00
Steve Howell d14441ffd3 minor: Move narrow mock to be in lexical order. 2021-04-17 09:09:15 -07:00
Steve Howell a2809dd361 node tests: Localize all_messages stub. 2021-04-17 09:09:15 -07:00
Abhijeet Prasad Bodas 1ffd8b0205 ui: Use unicode U+2026 instead of literal "..." characters.
The unicode horizontal ellipsis is visually nicer.
b40e50f295 removed many of these,
by changing the text itself.
This commit handles the remaining few.
2021-04-17 09:07:46 -07:00
sahil839 4ac3fabadd models: Add new helper can_move_messages_between_streams.
This commit adds new helper can_move_messages_between_streams
which will be used to check whether a user is allowed to move
messages from one stream to another according to value of
'move_messages_between_streams_policy'.
2021-04-16 15:16:08 -07:00
sahil839 2dc99aa90f settings: Add new setting for controlling who can move msgs to stream.
This commit adds a new setting 'move_messages_between_streams_policy`
for controlling who can move messages from one stream to other.
2021-04-16 15:10:39 -07:00
Adam Birds 5f0211285e tools: Update run-dev.py to output right subdomain if on Zulip droplet.
I have updated `tools/run-dev.py` to output the correct subdomain such as
`http://zulip.username.zulipdev.org` so that the user knows the correct
subdomain to access the Zulip Dev realm on.
2021-04-16 14:57:36 -07:00
Adam Birds 0cf3e0c226 docs: Update remote development documentation to be more accurate.
I have updated the remote development documentations to be more accurate
when it comes to developing on a Zulip Development Droplet to ensure
the user knows to access at `zulip.username.zulipdev.org`.
2021-04-16 14:56:30 -07:00
Anders Kaseorg 82106faf6c webpack: Don’t watch node_modules for changes.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-04-16 14:53:00 -07:00
Alex Vandiver 7264d44dd4 docs: Minor grammar tweak. 2021-04-16 14:05:42 -07:00
Alex Vandiver e683ae2d24 docs: Add a missing word. 2021-04-16 14:05:42 -07:00
Tim Abbott d58931e2b5 docs: Document situations where one needs smokescreen. 2021-04-16 14:05:42 -07:00
Tim Abbott bb676f1143 smokescreen: Move supervisor configuration to managed directory.
We've established the conf.d/zulip directory as the recommended path
for Zulip-managed configuration files, so this belongs there.
2021-04-16 14:05:42 -07:00
Vishnu KS ab771e4b19 support: Show the first human user in realm search result. 2021-04-16 13:22:02 -07:00
Vishnu KS e72dea1de6 models: Create get_first_human_user function in Realm. 2021-04-16 13:22:01 -07:00
Vishnu KS 8139896e3d support: Show realm owners in realm search results. 2021-04-16 13:18:46 -07:00
Vishnu KS b2f6acc33f support: Remove duplicate query for admin emails in template. 2021-04-16 13:18:46 -07:00
Vishnu KS 97765798d7 support: Rename realm_admin_emails to get_realm_admin_emails_as_string. 2021-04-16 13:18:46 -07:00
Tim Abbott f89af5b2b4 css: Add block comment for reaction button logic. 2021-04-16 12:20:54 -07:00
Aman Agrawal c3211b652f reaction_button: Hide if it is the first child.
Since all the message reactions are inserted before the
add reaction button, if it is the first child, we can safely
remove it.

We changed this from `only-child` to be `first-child` because
we append tooltips as siblings of `reaction_button` but since
they are appended, they are always appended after the `reaction_button`.
Thus, if there were tooltips present the reaction_button won't hide.
2021-04-16 12:17:54 -07:00
Mateusz Mandera 2983a7e799 test_home: Fix user_activity queue event format in a test.
Current production code uses client_id in the event dict and this test
should be updated to reflect that. Old format event can still be
consumed by the worker, but that is already tested by
WorkerTest.test_UserActivityWorker.
2021-04-16 11:02:48 -07:00
Tim Abbott 4b3ac8c5ed docs: Document TODO/compatability convention in release checklist.
This should provide a better mechanism for us to keep track of what
backwards-compatibility code we can safely delete.
2021-04-16 10:02:30 -07:00
Tim Abbott 48d99886fd event_queue: Update rule for when we can remove compatibility code.
Since c3a8a15bae removed the last
instance of code using the dictionary code path, we actually need to
wait until one can no longer upgrade directly from 4.x to master in
order to avoid breakage should we remove this compatibility code,
since only today did we stop generating the old event format.
2021-04-16 09:58:21 -07:00
Tim Abbott 260861426c queue_processors: Document when can remove compatibility code. 2021-04-16 09:55:14 -07:00
Mateusz Mandera c3a8a15bae delete_messages: Pass a list of user ids in the event in all cases.
The bulk deletion codepath was using dicts instead of user ids in the
event, as opposed to the other codepath which was adjusted to pass just
user ids before. We make the bulk codepath consistent with the other
one. Due to the dict-type events happening in 3.*, we move the goal for
deleting the compat code in process_notification to 5.0.
2021-04-16 09:54:14 -07:00
Steve Howell 8ffb828030 node tests: Avoid people stubs for poll test.
We also have Alice vote on the current user's poll.
2021-04-16 09:51:51 -04:00
Anders Kaseorg e71f906eba docs: Document custom tag mechanism for translating HTML.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-04-16 02:31:58 -07:00
Anders Kaseorg 7a2195c324 docs: Update example variable reference for FormatJS.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-04-16 02:31:58 -07:00
Anders Kaseorg 36e938bf9f requirements: Upgrade Python requirements.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-04-15 21:47:33 -07:00
Anders Kaseorg f59f2ca165 requirements: Re-drop direct dependency on mock.
This was dropped in commit 840cf4b885
(#15091), but commit 1432067959
(#17047) mistakenly reintroduced it.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-04-15 21:47:33 -07:00
Gaurav Pandey 1bdcb11543 ci: Run zulip backend test suite for Debian bullseye.
This also verifies the Zulip codebase's Python 3.9 support.
2021-04-15 21:38:31 -07:00
Gaurav Pandey 303e7b9701 ci: Add Debian bullseye to production test suite. 2021-04-15 21:38:31 -07:00
Gaurav Pandey feb720b463 install: Add beta support for debian bullseye for production.
This won't work on a real bullseye system until Bullseye actually
officially releases.

Fixes part of #17863.
2021-04-15 21:38:31 -07:00
Gaurav Pandey 78524d4f87 provision: Add support for debian bullseye.
Fixes part of #17863.
2021-04-15 21:38:31 -07:00
Alex Vandiver 9de35d98d3 puppet: Ensure a snakeoil certificate, for Postfix and PostgreSQL.
We use the snakeoil TLS certificate for PostgreSQL and Postfix; some
VMs install the `ssl-cert` package but (reasonably) don't build the
snakeoil certs into the image.

Build them as needed.

Fixes #14955.
2021-04-15 21:37:55 -07:00
Anders Kaseorg bdb20a8002 integrations: Convert deprecated Django url to path.
django.conf.urls.url is actually a deprecated alias of
django.urls.re_path, but we want path instead of re_path.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-04-15 18:01:34 -07:00
Anders Kaseorg 2939d29b6d python: Convert deprecated Django smart_text alias to smart_str.
django.utils.encoding.smart_text is a deprecated alias of
django.utils.encoding.smart_str as of Django 3.0, and will be removed
in Django 4.0.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-04-15 18:01:34 -07:00
Anders Kaseorg dcdb00a5e6 python: Convert deprecated Django is_safe_url.
django.utils.http.is_safe_url is a deprecated alias of
django.utils.http.url_has_allowed_host_and_scheme as of Django 3.0,
and will be removed in Django 4.0.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-04-15 18:01:34 -07:00
Anders Kaseorg e7ed907cf6 python: Convert deprecated Django ugettext alias to gettext.
django.utils.translation.ugettext is a deprecated alias of
django.utils.translation.gettext as of Django 3.0, and will be removed
in Django 4.0.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-04-15 18:01:34 -07:00
Steve Howell 173ce9a3fc refactor: Use sub_store for get/validation.
This reduces the complexity of our dependency graph.

It also makes sub_store.get parallel to message_store.get.
For both you pass in the relevant id to get the
full validated object.
2021-04-15 17:26:17 -07:00