Commit Graph

713 Commits

Author SHA1 Message Date
jagansivam28 e132db3480 settings org: Use `image_upload_widget.hbs` for realm icon.
Now we can use common HTML image upload widget template
`image_upload_widget.hbs` for realm icon. we can access icon
element using "#realm-icon-upload-widget .realm-icon-elements".
also we need to extract CSS for realm icon and place them
separately under `#realm-icon-upload-widget` css id.
2020-06-17 17:47:49 -07:00
Tim Abbott a2767e8c50 CVE-2020-14194: Use noopener/noreferrer for external links.
We fixed the main issue of this form in CVE-2020-9444, but the audit
done at that time only included links found in rendered_markdown; this
change completes our audit for links with target=_blank anywhere in
the codebase.
2020-06-16 23:35:39 -07:00
Tim Abbott 4fff858aa2 templates: Fix missing quoting of attributes in HTML templates.
This fixes a bundle of issues where we were missing "" around
attributes coming from variables.  In most cases, the variables were
integers or fixed constants from the Zulip codebase (E.g. the name of
an installed integration), but in at least one case it was
user-provided data that could potentially have security impact.
2020-06-16 23:35:39 -07:00
Clara Dantas ddbde66af5 realm: Remove Google Hangouts integration.
Google  has removed the Google Hangouts brand, thus we are removing
them as video chat provider option.
This commit removes Google Hangouts integration and make a migration
that sets all realms that are using Hangouts as their video chat
provider to the default, jitsi.

With changes by tabbott to improve the overall video call documentation.

Fixes: #15298.
2020-06-16 17:02:27 -07:00
jagansivam28 4576742b2f user avatar: Remove `user_avatar_file_input_error` id.
Now we can remove `user_avatar_file_input_error` id and added new class
`image_file_input_error`.we can access this class using
`#user-avatar-upload-widget .image_file_input` so that we can
have only one id at top-level and 'image_upload_widget.hbs`
can be more dynamic so we can use for other similar widgets also.
2020-06-16 12:12:21 -07:00
jagansivam28 c141daa624 user avatar: Remove `user_avatar_file_input` id.
Now we can remove `user-avatar-block` id and added new class
'image_file_input'.we can access this class using
`#user-avatar-upload-widget .image_file_input` so that we can have
only one id at top-level and 'image_upload_widget.hbs`
can be more dynamic so we can use for other similar widgets also.
2020-06-16 12:12:21 -07:00
jagansivam28 4fe066c437 user avatar: Remove `image-block` id.
Now we can remove `user-avatar-block` id and add common class `image_block`.
we can access this class using `#user-avatar-upload-widget .image_block`
so that we can have only one id at top-level and 'image_upload_widget.hbs`
can be more dynamic so we can use for other similar widgets also.
2020-06-16 12:12:21 -07:00
jagansivam28 9fde085536 user avatar: Remove `avatar-spinner-background` id.
Now we can remove the id `avatar-spinner-background` and access spinner
element from `#user-avatar-upload-widget .image_upload_spinner` so
that we can have only one id at top-level and 'image_upload_widget.hbs` can
be more dynamic so we can use for other similar widgets also.
2020-06-16 12:12:21 -07:00
jagansivam28 f609f675ae user avatar: Remove `avatar-spinner-background` id.
Now we can remove the id `avatar-spinner-background` and access spinner
element from `#user-avatar-upload-widget .settings-page-upload-text` so
that we can have only one id at top-level and 'image_upload_widget.hbs` can
be more dynamic so we can use for other similar widgets also.
2020-06-16 12:12:21 -07:00
jagansivam28 0e5c6fa578 user avatar: Remove `user_avatar_upload_button` id.
The upload text element is wrongly named as id=user_avatar_upload_button.
now  we can remove that id and access upload text element from
`#user-avatar-upload-widget .settings-page-upload-text` so that we
can have only one id at top-level  and 'image_upload_widget.hbs` can
be more dynamic so we can use for other similar widgets also.
2020-06-16 12:12:21 -07:00
jagansivam28 df4c8ab1a2 user avatar: Remove `user_avatar_delete` id.
We can remove id="user_avatar_delete" and access delete-text from
`#user-avatar-upload-widget .settings-page-delete-text` so that
we can have only one id at top-level  and 'image_upload_widget.hbs`
can be more dynamic so we can use for other similar widgets also.
2020-06-16 12:12:21 -07:00
jagansivam28 b3fca96254 user avatar: Remove user_avatar_delete_button id.
we can remove `user_avatar_delete_button` id and access delete button
from `#user-avatar-upload-widget .settings-page-delete-button` so that
we can have only one id at top level and 'image_upload_widget.hbs`
can be more dynamic so we can use for other similar widgets also.
2020-06-16 12:12:21 -07:00
jagansivam28 95de217326 user avatar: Rename and convert "#user-settings-avatar".
Renaming "user-settings-avatar" to "image_upload_button" since the
`user-settings-avatar` name is irrelevant/confusing for the upload
button, and converting the id into a class so that we could just have
only one outer id.
2020-06-16 12:12:21 -07:00
jagansivam28 14a77c8b9a settings: Refactor `image_upload_widget.hbs`.
We can check for the `is_editable_by_current_user` condition once in
the upper level instead of checking twice in middle for the same
conditions and to match the implementation of style realm icon and
realm logo since similar implementation between avatar, logo, the icon
will help us to use `image_upload_widget.hbs` for logo and icon
widgets also.

This likely fixes a bug with the delete text being shown incorrectly
for non-administrator users.
2020-06-16 12:12:21 -07:00
jagansivam28 20740de700 settings: Extract image_upload_widget.hbs from avatar upload widget.
We extract image_upload_widget.hbs from user avatar upload widget.
The plan is to the same HTML template for all 4 widgets (user avatar,
icon, day logo, night logo) across the two settings UIs and different
image upload widgets as possible in future.

This breaks i18n; we'll fix it in follow-up work.
2020-06-16 12:12:04 -07:00
jagansivam28 19490fe8b0 settings: Change user avatar image display HTML.
This changes the user avatar image display implementation to more
closely match how the realm icon and realm logo image features are
structured.  This is early preparatory work towards sharing this code
between the various widgets.
2020-06-16 12:03:50 -07:00
sahil839 18429cfd29 realm: Allow only owners to set message retention policy for a realm.
This commits adds restriction on admins to set message retention policy.
We now only allow only organization owners to set message retention
policy.

Dropdown for changing retention policy is disabled in UI for admins also.
2020-06-14 21:23:53 -07:00
sahil839 87e72ac8e2 realm: Allow only owners to configure auth methods for a realm.
This commit adds the restriction on configuring auth methods for
admins. We now allow only owners to configure the auth methods
for realm.
2020-06-14 21:23:51 -07:00
sahil839 a6f31c3668 settings: Disable organization deactivation button for admins.
This commit adds the code to disable deactivate organization button
for admins. We now allow only owners to deactivate the organization.

The backend implementation for allowing only owners to deactivate
is already added in 81c28c1.
2020-06-14 21:20:30 -07:00
SiddharthVarshney 8636d82eba settings: Use icon to play notification sound. 2020-06-13 16:46:05 -07:00
jagansivam28 1c3485647f realm logo: Refactor upload_widgets.js.
We can remove a {{theme_mode}}-settings class on the upload button
and access day/night from `.closest("realm-logo-section")`
so that only the outer ID differs between the two widgets.

Part of #14730.
2020-06-10 17:02:06 -07:00
jagansivam28 627666b57c settings org: Trigger realm logo upload by clicking on logo element.
We now trigger realm day/night logo upload by clicking on realm
day/night logo element itself rather than having a big upload button
and to match our user avatar UI.  Added new spinner over the logo
element itself to show while uploading realm logo for both day and
night logos.
2020-06-08 22:54:46 -07:00
jagansivam28 923f6b40c5 settings org: Replace realm logo delete button with X icon.
Replacing delete button for `realm day/night logo` with "X" icon in the
right corner of the logo image to match "user profile" avatar UI.
2020-06-08 22:54:46 -07:00
jagansivam28 adb1f56760 settings: Change user avatar spinner implementation.
Change user avatar spinner implementation to match
realm icon spinner implementation and have common css class
since similar implementation between similar widgets may help
in future deduplication.
2020-06-08 22:48:04 -07:00
jagansivam28 5f027f194b settings CSS: Refactor upload text css to use common css class.
Refactor user avatar and realm icon upload-text css
to use common CSS Class.
2020-06-08 22:48:04 -07:00
jagansivam28 a9b0c03a0d settings CSS: Refactor delete button, text css to use common css class.
Refactor user avatar and realm icon delete-button, delete-text CSS
to use common CSS Class.
2020-06-08 22:48:04 -07:00
Ryan Rehman ba0f869b3c notifications: Use the correct expression in template.
This fixes a bug where the "mobile" label was disabled
even when push notifications were configured for the server.
2020-06-07 11:43:42 -07:00
Anders Kaseorg 4d04fa3118 compose: Rewrite Zoom video call integration to use OAuth.
This reimplements our Zoom video call integration to use an OAuth
application.  In addition to providing a cleaner setup experience,
especially on zulipchat.com where the server administrators can have
done the app registration already, it also fixes the limitation of the
previous integration that it could only have one call active at a time
when set up with typical Zoom API keys.

Fixes #11672.

Co-authored-by: Marco Burstein <marco@marco.how>
Co-authored-by: Tim Abbott <tabbott@zulipchat.com>
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2020-06-03 16:39:12 -07:00
Rohitt Vashishtha 4b47d219db settings: Use correct label for signup notifications stream.
When migrating to dropdown list widget, we incorrectly used the same label
for both realm_notifications_stream and realm_signup_notifications_stream.

This was introduced in b580baf682.
2020-06-03 12:19:08 -07:00
jagansivam28 12fd515831 settings org: Trigger realm icon upload by clicking on realm icon element.
Trigger realm icon upload by clicking on realm icon element itself
rather than having a big upload button and to match our user avatar UI.
Added new spinner over the icon element itself to show while
uploading realm icon.
2020-05-27 17:15:14 -07:00
jagansivam28 0c70365034 settings org: Replace realm icon delete button with X icon.
Replacing delete button for `realm icon` with "X" icon in the
right corner of the icon image to match "user profile" avatar UI.
2020-05-27 17:15:14 -07:00
Tim Abbott 5a9e834571 settings: Fix missing Emoji settings translation tag.
Fixes part of #15044.
2020-05-25 18:24:16 -07:00
Pragati Agrawal 441f9f43e7 templates: Extract help link widget.
This block of html is used at many places so it's a good idea to create a
template for it.
2020-05-24 16:32:36 -07:00
Rohitt Vashishtha 4d14ba41ba dropdown-list-widget: Properly handle disabled state.
We wrap the [reset] anchor tag in a button so that we can set 'disabled'
attribute on it. We change the styles to hide the [reset] button and the
pencil icon when the widget is disabled.

We also need to call `e.preventDefault()` in the event handler since now
the anchor tag behaves as a button.
2020-05-20 09:51:38 -07:00
Rohitt Vashishtha aeb247f528 dropdown-list-widget: Rename setting_name -> widget_name.
This change is another in a series of commits that allows us to use
DLW outside of realm_settings.
2020-05-19 15:13:28 -07:00
Steve Howell b746547395 user settings: Fix email sort for bots/deactivateds.
We were still sorting them with the generic alphabetic
sort due to the markup, despite passing in a custom
sort to the `list_render` class.

The `sort_email` helper often behaves like a generic
alphabetic sort, so this fix is mostly just making the code
do what it claims to do (and it's consistent with how
we already sort active users).

The nuance with emails is whether we display real
emails or system-generated emails.
2020-05-11 16:14:04 -07:00
Pragati Agrawal bd9b74436c org settings: Enable message_retention_days in org settings UI.
Since production testing of `message_retention_days` is finished, we can
enable this feature in the organization settings page. We already had this
setting in frontend but it was bit rotten and not rendered in templates.

Here we replaced our past text-input based setting with a
dropdown-with-text-input setting approach which is more consistent with our
existing UI.

Along with frontend changes, we also incorporated a backend change to
handle making retention period forever. This change introduces a new
convertor `to_positive_or_allowed_int` which only allows positive integers
and an allowed value for settings like `message_retention_days` which can
be a positive integer or has the value `Realm.RETAIN_MESSAGE_FOREVER` when
we change the setting to retain message forever.

This change made `to_not_negative_int_or_none` redundant so removed it as
well.

Fixes: #14854
2020-05-08 14:09:31 -07:00
Pragati Agrawal 12504075ee org settings: Rename plan_includes_wide_organization_logo to more generic.
It's a preliminary step to enable message_retention_setting in org settings
UI, which is a non-limited plan only feature. So we require a page_param
property that tells us the limited-plan state of the Zulip realm.
2020-05-08 14:04:21 -07:00
Pragati Agrawal b0466cfd67 org settings: Extract upgrade zulip plan tip widget.
We can use this tip at multiple places so it's a better idea to extract
this widget/tip in its own template.
2020-05-08 14:04:21 -07:00
Pragati Agrawal fd9b868635 org settings: Use standard "types" in `.get_input_element_value()`.
The reason is to make the hardcoded property type values consistent with
`typeof` operator.
2020-05-08 14:04:21 -07:00
Pragati Agrawal 93b9f1ccfb org settings: Fix typo in `id_realm_waiting_period_threshold` label.
This fixes the typo in `for` attribute of
`id_realm_waiting_period_threshold` setting.
2020-05-08 14:04:21 -07:00
Tim Abbott e2e0039ffe settings: Expose UI for limiting optional invitations to admins.
This option case is important both for cleaning the UI when
invitations as not required, as well as for some policy situations.

Partially fixes #14859.
2020-05-08 11:09:21 -07:00
Hashir Sarwar 55a8e7dff2 settings: Offer hiding presence info from other users.
For privacy-minded folks who don't want to leak the
information of whether they're online, this adds an
option to disable sending presence updates to other
users.

The new settings lies in the "Other notification
settings" section of the "Notification settings"
page, under a "Presence" subheading.

Closes #14798.
2020-05-02 15:09:05 -07:00
jagansivam28 bbf5a5efed invitation: Make Member to see invitations sent by him/her.
Member of the org can able see list of invitations sent by him/her.
given permission for the member to revoke and resend the invitations
sent by him/her and added tests for test member can revoke and resend
the invitations only sent by him/her.

Fixes #14007.
2020-05-01 17:42:49 -07:00
Wyatt Hoodes 2204f33936 data exports: Switch to solely using a status column. 2020-04-30 13:00:59 -07:00
Wyatt Hoodes 82e7ad8e25 data exports: Handle pending and failed exports.
Prior to this change, there were reports of 500s in
production due to `export.extra_data` being a
Nonetype.  This was reproducible using the s3
backend in development when a row was created in
the `RealmAuditLog` table, but the export failed in
the `DeferredWorker`.  This left an entry lying
about that was never updated with an `extra_data`
field.

To fix this, we catch any exceptions in the
`DeferredWorker`, and then update `extra_data` to
encode the failure.  We also fix the fact that we
never updated the export UI table with pending exports.

These changes also negated the use for the somewhat
hacky `clear_success_banner` logic.
2020-04-30 13:00:59 -07:00
Steve Howell cf78cb0d6e templates: Use `<hr>` and `<br>` consistently.
We now prevent these variations:

    * <hr/>
    * <hr />
    * <br/>
    * <br />

We could enforce similar consistency for other void
tags, if we wished, but these two are particularly
prevalent.
2020-04-28 17:05:48 -07:00
Anders Kaseorg 8138e06935 notifications: Add link for sending a test notification.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-26 23:02:05 -07:00
Rohitt Vashishtha 5098944afc settings: Consolidate CSS of all dropdown widgets. 2020-04-22 17:57:16 -07:00
Rohitt Vashishtha b580baf682 settings: Refactor notifications_stream setting to use DropdownListWidget.
This commit removes most of the duplicate logic for the stream selection
dropdowns for the settings: `realm_signup_notifications_stream_id` and
`realm_notifications_stream_id`.

We also make minot changes to DropdownListWidget to accomodate the stream
rendering of the format: `#stream_name`.

We finally switch to using stream_ids instead of stream_name everywhere
which makes reading data from page_params simpler.
2020-04-22 17:57:16 -07:00