Commit Graph

60682 Commits

Author SHA1 Message Date
evykassirer deb5d90941 message_list: Convert module to typescript. 2024-09-19 15:31:16 -07:00
evykassirer 620db3057b message_list: Fix bug accessing filter incorrectly.
I checked this with Aman who wrote this originally, and he said
this is what he meant to write.
2024-09-19 15:31:16 -07:00
evykassirer c9f49cefdd message_list: Remove unused preserve_rendered_state attribute.
Aman said  we should be running this even if it wasn’t running before.
https://github.com/zulip/zulip/pull/31591#pullrequestreview-2300886181
2024-09-19 15:31:16 -07:00
Mateusz Mandera 1d7d3fae61 signup: Mirror dummy user should be registered with role from invite.
Aside of what's generally explained in the code comment, this is
motivated by the specific situation of import of Slack Connect channels.
These channels contain users who are "external collaborators" and
limited to a single channel in Slack. We don't have more sophisticated
handling of their import, which would map this concept 1-to-1 in Zulip -
but we create them as inactive dummy users, meaning they have to go
through signup before their account is usable.

The issue is that their imported UserProfile.role is set to Member and
when they register, the UserProfile gets reactivated with that role
unchanged. However, if e.g. the user is signing up after they received
an invitation from the admin, they should get the role that was
configured on the invite. In particular important if the user is meant
to still be "limited" and thus the admin invites them as a guest - they
definitely don't want the user to get a full Member account because of
this weird interaction between import and registration.
2024-09-19 15:26:27 -07:00
Aman Agrawal fd441fd3d3 hashchange: Extract function to get home view hash. 2024-09-19 13:50:47 -07:00
Aman Agrawal 02f84bda34 message_list: Avoid recursive calls to message_selected event.
Note that even though we no longer trigger message selection
events from within the rerender calls with their different `opts`,
it doesn't effect the scroll position and selected id since
the events are triggered synchronously and the final message
selection event call has the opts of the initial caller.
2024-09-19 13:20:49 -07:00
Alex Vandiver 24d110f063 settings: Increase default max file upload size to 100MB.
This also _lowers_ the default nginx client_max_body_size, since that
no longer caps the upload file size.
2024-09-19 11:37:29 -07:00
Alex Vandiver 94dad72b75 upload: Use @uppy/tus to upload files through tusd.
Replace the XHRUpload plugin for Uppy with the Tus plugin, to make use
of the new tusd endpoint.  This allows for resumable files, as well as
files which are larger than comfortably fit in memory (the source of
the old 25MB limit).

MAX_FILE_UPLOAD_SIZE is still applied, but can safely be raised above
25MB.

Fixes: #9391.

Co-authored-by: Brijmohan Siyag <brijsiyag@gmail.com>
2024-09-19 11:37:29 -07:00
Alex Vandiver 818c30372f upload: Use tusd for resumable, larger uploads.
Currently, it handles two hook types: 'pre-create' (to verify that the
user is authenticated and the file size is within the limit) and
'pre-finish' (which creates an attachment row).

No secret is shared between Django and tusd for authentication of the
hooks endpoints, because none is necessary -- tusd forwards the
end-user's credentials, and the hook checks them like it would any
end-user request.  An end-user gaining access to the endpoint would be
able to do no more harm than via tusd or the normal file upload API.

Regardless, the previous commit has restricted access to the endpoint
at the nginx layer.

Co-authored-by: Brijmohan Siyag <brijsiyag@gmail.com>
2024-09-19 11:37:29 -07:00
Alex Vandiver 02d3fb7666 nginx: Allow HTTP access to internal endpoints from localhost. 2024-09-19 11:37:29 -07:00
Aman Agrawal 9a1ad1047a test_stripe: Normalize stripe fixtures.
Normalize generated fixtures for exp_month, exp_year and postal code.
2024-09-19 11:26:21 -07:00
Aman Agrawal 4d8e6ba094 stripe: Change stripe email on the upgrade page if available. 2024-09-19 11:26:21 -07:00
Aman Agrawal 9a4a07d933 stripe: Allow user to update email for sending invoice. 2024-09-19 11:26:21 -07:00
Aman Agrawal 6f094f0350 test_backend: For serial mode for stripe fixture generation.
It is important for stripe fixtures to be generated in serial
mode so that customer and event data doesn't overflow between
tests.
2024-09-19 11:26:21 -07:00
evykassirer 56adeb335f search: Fix cutoff focus outline. 2024-09-19 10:50:21 -07:00
Sahil Batra 1f16c0fdb7 popovers: Increase contrast of deactivated information text.
This commit increases the contrast for "This user has been deactivated"
text in user popover and "This group has been deactivated" text in
group popover in both light and dark mode by making the opacity 1 as
this is important information and should be clearly visible.

The text color and opacity matches with the role text shown in user
popover.
2024-09-19 10:50:02 -07:00
Sayam Samal 4ed27a9a5f tooltips: Fix hotkey hints wrapping when next to longer tooltip labels.
Earlier, mostly in non-English languages, the tooltip labels would
force the tooltip hotkey hints to wrap. This commit adds the
`white-space: nowrap` property to ensure that the hotkey hint texts
are forced to be in a single line.
2024-09-19 10:49:15 -07:00
evykassirer 86564381cf message_view_header: Rename current_stream to more accurate current_sub. 2024-09-19 10:06:57 -07:00
Sahil Batra 63a7c9061b settings: Use new pills UI for can_manage_group setting.
This UI enables the user to set can_manage_group setting to a
combination of users and groups, replacing the old dropdown UI
which just allowed setting user to a single system group.

Fixes part of #28808.
2024-09-19 09:08:33 -07:00
Sahil Batra 8068b6e55e group_setting_pill: Add code for showing typeahead.
This commit adds code to show typeahead for group setting
pill container. We add a separate function as we only
want to show groups and users in the typeahead and the
options are also sorted in a different order compared
to other typeaheads.
2024-09-19 09:08:33 -07:00
Sahil Batra 053686669a composebox_typeahead: Use query_matches_group_name to match group.
Though we can use query_matches_name for groups as we do not allow
system groups in the composebox typeahead and the other groups have
same display_name and name values, but still would be better for
consistency.

And with this change, query_matches_name function is only used for
streams, so updated that accordingly.
2024-09-19 09:08:33 -07:00
Sahil Batra def78ddf09 user_groups: Do not show "role:" prefix for system groups.
Instead of showing the actual names like "role:everyone",
"role:moderators", etc. for system groups, we show
"Everyone", "Moderators", etc. for system user group in
pills, typeaheads and popovers.

Though system groups are not shown in typeahead as of
this commit, we update the typeahead code as well to
not conside "role:" prefix while matching with the
query as we would soon show system groups in typeahead
when we would add new UI for group-based settings.

Previously, only "role:everyone" group was shown as
"Everyone" in popover and pills but for other system
groups their original names for shown and this commit
changes that behavior to be same for all system groups.

The original display_name field for
settings_config.system_user_groups_list objects, which
was used for dropdown widgets, is also renamed so that
we can use display_name field for the names to be used
in other places.
2024-09-19 09:08:33 -07:00
Sahil Batra 2fff124ec9 settings: Add new module to handle pills for group settings.
This commit creates a new module similar to add_subscribers_pill
for handling the pill widget to be used for group settings.
2024-09-19 09:08:33 -07:00
Alya Abbott acd578c769 help: Replace instructions to delete a group with deactivation. 2024-09-18 15:36:12 -07:00
Anders Kaseorg 2c8ad219b1 styles: Fix invalid CSS generated due to @extend misusage.
@extend can only be used in an element selector, not directly within
@media.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-09-18 15:33:28 -07:00
Anders Kaseorg dc6ba1c9e2 localstorage: Remove unused expiry feature.
This was introduced by commit 8b22b94ab1
with no actual cleanup mechanism, and has never been used.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-09-18 15:32:07 -07:00
Anders Kaseorg 97ffccb45f reload: Convert module to TypeScript.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-09-18 15:31:41 -07:00
Anders Kaseorg 0be5cc232c reload: Remove obsolete location.reload(true) usage.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-09-18 15:31:41 -07:00
Anders Kaseorg 16d37eb80a tests: Call reload.is_stale_refresh_token correctly.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-09-18 15:31:41 -07:00
Karl Stolley c3b13654a7 left_sidebar: Ensure brackets are not shown while zoomed in. 2024-09-18 15:29:20 -07:00
Sahil Batra 5f3a8334be user_groups: Do not allow deleting user groups. 2024-09-18 13:41:13 -07:00
Sahil Batra 6a739e263f user_groups: Allow deactivating groups from webapp. 2024-09-18 13:41:13 -07:00
Sahil Batra c53563d0e7 user_groups: Handle deactivated groups in webapp. 2024-09-18 13:41:13 -07:00
Sahil Batra 5c790aac72 user_groups: Rename allow_deactivated in 'GET /user_groups'.
This commit renames "allow_deactivated" parameter in
"GET /user_groups" endpoint to "include_deactivated_groups", so
that we can have consistent naming here and for client capability
used for deciding whether to send deactivated groups in register
response and how to handle the related events.
2024-09-18 13:41:13 -07:00
Sahil Batra fb63c47ea6 user_groups: Add client capability to handle deactivated groups.
This commit adds a client capability to not receive data about
deactivated groups.
2024-09-18 13:41:13 -07:00
Sahil Batra aa123b38b4 tests: Test can_manage_group setting for deactivating groups.
There were no tests for testing group deactivation permission
based on can_manage_group setting.
2024-09-18 13:41:13 -07:00
Anders Kaseorg 782fa2a803 localstorage: Fix removeDataRegexWithCondition to check parsed data.
Commit bca41fd29f (#23028) introduced
this for reload.is_stale_refresh_token, which had always returned true
because it was operating on the raw JSON string rather than the parsed
data.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-09-18 13:16:25 -07:00
evykassirer dba1af84e0 filter: Use stream id instead of stream name. 2024-09-18 13:08:14 -07:00
evykassirer 2be181c367 stream_data: Check for null more explicitly.
Otherwise 0 is treated specially, different from other numbers.
2024-09-18 13:08:14 -07:00
evykassirer 2ad1dc7014 stream_data: Make slug regex a bit more readable.
This clarifies that the second group is purely for use internal
to the regexp (it's there for the ? to act on) and won't be saved
as a substring for the surrounding code to look at (like match[2]).
In a hot path that could be a performance savings; here it just
makes things a bit more explicit for the reader.
2024-09-18 13:08:14 -07:00
Sahil Batra 7a6135371e settings: Handle guests separately for group-based settings.
This commit adds code to handle guests separately for group
based settings, where guest will only have permission if
that particular setting can be set to "role:everyone" group
even if the guest user is part of the group which is used
for that setting. This is to make sure that guests do not
get permissions for actions that we generally do not want
guests to have.

Currently the guests do not have permission for most of them
except for "Who can delete any message", where guest could
delete a message if the setting was set to a user defined
group with guest being its member. But this commit still
update the code to use the new function for all the settings
as we want to have a consistent pattern of how to check whether
a user has permission for group-based settings.
2024-09-18 11:51:11 -07:00
sujal shah fcbb1cd558 todo_widget: Add `type`` as Optional in `new_task_inbound_data_schema`.
This commit corrects the `type` parameter in
`new_task_inbound_data_schema`, which was previously optional
but not added as such.
2024-09-18 10:06:00 -07:00
Lauryn Menard 2e394f3913 billing: Check minimum for plan tier for stale license count check. 2024-09-18 09:40:42 -07:00
kartikay b49f227b6e docs: Correct zulipbot label in accessibility documentation.
Earlier, the documentation incorrectly stated the label as
"area: accessibility". The correct label is "accessibility".

This commit updates the label in "docs/subsystems/accessibility.md"
to ensure proper usage for contributors.
2024-09-17 16:26:32 -07:00
evykassirer 13e3ced486 message edit: Fix bug preventing messages from being edited.
More context in this thread on CZO:
https://chat.zulip.org/#narrow/stream/9-issues/topic/Blueslip.20error.20on.20editing.20a.20message/near/1943476
2024-09-17 15:50:33 -07:00
Alex Vandiver c34913b4d7 nginx: Limit access to internal endpoints, to localhost. 2024-09-17 12:51:30 -07:00
Alex Vandiver 5bc4d39c25 settings: Attempt to detect S3_REGION if left blank. 2024-09-17 12:51:30 -07:00
Alex Vandiver 9a1f78db22 thumbnail: Support checking for images from streaming sources.
We may not always have trivial access to all of the bytes of the
uploaded file -- for instance, if the file was uploaded previously, or
by some other process.  Downloading the entire image in order to check
its headers is an inefficient use of time and bandwidth.

Adjust `maybe_thumbnail` and dependencies to potentially take a
`pyvips.Source` which supports streaming data from S3 or disk.  This
allows making the ImageAttachment row, if deemed appropriate, based on
only a few KB of data, and not the entire image.
2024-09-17 12:51:30 -07:00
Alex Vandiver 758aa36cbe stop-server: Stop katex, if running. 2024-09-17 12:51:30 -07:00
Karl Stolley 708d07a885 lightbox: Address edge case where media may be unavailable. 2024-09-17 11:55:18 -07:00