Currently, the GitHub webhook sends activity from both public and private
repositories, which could lead to unintended disclosure of sensitive
information from private repositories.
This commit introduces a ignore_private_repositories parameter to the
webhook URL. When set to true, the webhook ignore processing activity from
private repositories, ensuring that such activities are not posted to
Zulip streams. By default, if the parameter is omitted or set to false,
activities from both public and private repositories are processed
normally. This provides users with the flexibility to control the
visibility of private repository activities without altering the default
behavior.
More importantly, this introduces a cleaner mechanism for individual
incoming webhooks to declare support for settings not common to all
webhook integrations.
Fixes#31638.
This makes sure that the "Add" button in members panel is
not enabled if the pill input is empty, in two cases - when
the members panel is opened and also when the members panel
is live-updated due to change in permission.
We now have a grey-ish background color for the pill container
with opacity also reduced like we do for the disabled select
elements in settings.
Needed to adjust the selectors so that the CSS for disabled
state correctly overrides the CSS for enabled state.
We show "0 members" text when a group has no direct members but
has subgroups which are all empty.
The behavior for when a group has neither direct members nor
subgroups is same where we show "This group has no members".
This commit updates code to just use permission settings
list from server_supported_permission_settings data
instead of calling create_realm_group_setting_widget
individually for each setting.
Also, updated the code to create dropdown widgets to check
if only system groups are allowed or not for a setting
instead of using a hardcoded list.
Previously we disabled time limit settings for moving
messages when non-admin and non-moderators users were
not allowed move messages as the time limit does not
apply to admins and moderators. And the time limit
setting to delete messages was disabled when all the
users who were allowed to delete their own message also
had permission to delete any message since time limit
does not apply to users who were allowed to delete any
message.
Now, as we use the new UI and allow the permission
settings to be set to anonymous groups, we just do
not disable the time limit setting to avoid complexity
and we anyways mention about cases when time limit is
not applicable.
Previously the banner was always shown to admins and to users who
cannot add emoji with the banner mentioning who can add emoji.
This commit updates the code to only show the banners who cannot
add emoji irrespective of their role, and just mention that they
do not have permission without any detail about who can add.
Some of the group setting elements were not live-updated
correctly since they were not present in realm_settings
dict and sync_realm_settings is only called for settings
present in that dict.
There is no need to pass the value of group settings to
template as rendering the UI is handled in JS. This was
probably added due to the old enum value setting being
passed to the template.
All similar elements in the compose box--the channel/DM widget, the
pill container on DMs, and the compose textarea--all use a 4px
border-radius, correcting the topic box's outlier status.
This helps avoid confusion with `participant_user_ids`
which is a property of the buddy list and describes
the currently visible participants, whereas
`all_participant_ids` describes all participants,
even those hidden due to search.
Because we regularly change what we want the placeholder
text to be, as the user enters and exits search, it's simpler
to just not use `data-search-results-empty` and set up the
placeholder from the buddy list code directly. Previously we
were trying to sometimes use `data-search-results-empty` and
sometimes set it directly, which is more confusing and complex.
Sometimes we might want to re-fill the screen after collapsing
or uncollapsing a section, so it's better to fill the screen
just once after determining if we should collapse the "other
users" section. Also, this commit removes a call to
`render_section_headers()` because that's always called at the
end of `fill_screen_with_content()`.
We now use new pills UI for public and private channel
creation settings. The UI for web-public channel
creation setting is still a dropdown as we allow only
system groups for that.
The first two are equivalent because they call `closest`
and the last one is directly equivalent. We're making these
changes to aid with the conversion to typescript.
We already have the code to ignore the deactivated groups before
sending the request and show appropriate message. This commit
just adds code to not show them in the typeahead and also not
create its pill if user types the full group name.
Even though we do not show groups that cannot be used as subgroups
in typeahead, user can still type the complete to get the pill
and make the request to the server which currently returns not so
good error message. This commit fixes it to not create the pill for
such cases and hence not making any request to server.
Mark as unread from here was not working in a channel feed when
we don't have all the messages fetched locally since the
channel ID was incorrectly passed as a string.
Copied the correction code from bulk_update_read_flags_for_narrow.
Streams should not be marked as private, and subscribers
of the deactivated stream should not be removed.
Update the confirmation message when archiving a stream.
When clicking on a message from an archived
stream, the `adjusted_terms` may be null since
archived streams are not sent back to the client.
This results in an error for the user.
Function `delete_sub` was exclusively called by `stream_data.delete_sub`.
With the change in the approach where we no longer remove subscriptions
from `stream_info` and `subs_by_stream_id`, the `delete_sub` function is no
longer needed.
Previously, when archiving a stream `delete` function was used to
remove stream from `stream_info`. However, with the current
approach, we don't remove stream instead we use the `set_false`
function to mark streams as false, making the `delete`
function unnecessary.
Stream is simply marked as `archived: true` instead of removing
the stream from `sub_store` and `stream_info`.
A check in `subscribe_myself` is added before subscribing to a
stream.
Earlier, in left stream sidebar, new topic button was shown for all
stream rows irrespective of compose permission of the user for
individual streams.
This commit changes the behaviour by hiding the new topic button if
user doesn't have appropriate compose permission for individual
streams.
Fixes: zulip#31800.
On the frontend, the selection is still a dropdown of system groups but
on the API level, we have started accepting anonymous groups similar to
other settings
We've kept require system groups true for now until we switch to group
picker on the frontend.
On the frontend, the selection is still a dropdown of system groups but
on the API level, we have started accepting anonymous groups similar to
other settings.
We've kept require system groups true for now until we switch to group
picker on the frontend.
If we paste a stream-topic URL that can be formatted as per #29302,
we now generate a normal markdown link if the stream topic syntax
could result in a broken link.
Fixes#31904
Previously, all members of the group, including members of
recursive groups, were shown in the the popover. Now only
direct members are shown along with the direct subgroups
of the group.
Fixes#32088.
The 'id' field in a dialog widget is used to add custom id to
the container element to modify styles.
We were not using this id anywhere, so this commit removes it.
When the user opens channel create settings from left sidebar, now the focus
is set on the channel name input.
The logic was already there, but not properly placed inside the overlay code path.
Fixes#32034.
This commit configures the click event on the channel name so that
when the user is narrowed to a topic within a channel, clicking the
same channel will navigate the user to the general channel feed. This
improves the user experience by allowing easy access to the full
channel feed when a user is focused on a specific topic.
Fixes#32032.
It’s not possible to animate or transition the `display` property, at
least until `transition-behavior: allow-discrete` lands in all
browsers. We already take care of applying `display: none` in a
JavaScript setTimeout (see alert_popup.ts, hide_error in
ui_report.ts).
Signed-off-by: Anders Kaseorg <anders@zulip.com>
This adds live update support for `is-followed` narrow. We need
to render the narrow again instead of just adding the relevant
messages from the updated topic since it not easy to determine
which message we need to add based on the selected message of the
user and which messages to ask from the server.
We do not show groups that will break the DAG constraint
on being added to a group as subgroups in the typeahead
shown in the members edit UI.
Fixes#32087.
Since `scroll_finished` is already called post render and we
don't have to wait for anything rendering before calling
`unread_ops.process_visible`, we can just directly call it.
Previously, when selecting a new channel in the "move topic" modal using
the keyboard, focus failed to advance to the topic input automatically.
Users had to press the tab key an extra time to move focus to the topic
input, which was not the intended behavior.
This commit modifies the `move_topic_on_update` function in
`web/src/stream_popover.js` to explicitly set focus on the topic input
field after a channel is selected.
Since we removed `unread_ops.process_visible` on system initiated
scrolling in #32038, this is important to take care of separately.
Reproducer: Go to a topic with a lot of unread messages and press
`end` key. Last message is not marked as read.
Fixes#31833
Quoting from the issue:
Some of the reasoning behind that proposal was:
We want the first unread message to be what gets highlighted by the
blue box, since that's what you should read first.
It's bad to eat one unread message when entering a
message feed via N or otherwise.
A consistent algorithm would be that messages get marked as read when
you move the blue box past them ... except that there'd be no way to
mark the last message that way.
Because the bottom being visible marks things as read, it should be
fine to make this change now, even though there wouldn't currently
be a way to use the location of the blue box to mark the last message
in the current view as read.
Instead of mutating `message_render_context` object with fields,
we declare the object once depending on msg_type. This is a
prep-commit for migrating the module to TS.
This commit updates the code, which checks if user is member of
the group before adding them to the group, to consider only
direct members and now allows members of subgroups to be added
as direct members of the group.
Having this code resulted in pills being deleted on
clicking enter in the pill container as this was
needed before ad11561d31, when we cleared the pill
container after adding users to the list of members.
html_selector is only used when rendering a single item in the list
using insert_rendered_row and render_item, which are not used for
group members list in group creation form.
"update_default_stream_and_stream_privacy_state" function
should be called only when changing or discarding settings
in "Stream permissions" subsections and not when changing
settings in "Advanced configurations" subsection, since
the behavior of stream privacy and default stream options
does not depend on settings in "Advanced configurations".
This also fixes the bug of trying to access "checked"
property on undefined value of $default_stream.find("input"),
since there is no such input in "Advanced configurations"
section.
Added `message_content_in_email_notifications` to the
`disabled_notification_settings` object to keep track of the setting.
Also added a tooltip message to display when the checkbox is disabled,
indicating that the setting is controlled by the organization.
Fixes: #27262.
This commit includes the following changes:
- Errors returned from the server when resending or
revoking invitations are now shown inside the
confirmation modal, keeping the modal open.
- We no longer display errors in place of the Resend
and Revoke buttons (in case of server errors), as
they are now handled within the confirmation modal.
- The "Working..." button text is no longer displayed
for the Resend and Revoke buttons, which was displayed
while the request was being processed.
- The confirmation modals now show a loading spinner,
while request is being processed.
Fixes part of #31395.
This commit includes the following changes:
- Display errors due to non-matching fields encountered
during resending or revoking invitations within
the confirmation modal, keeping the modal open.
- Each modal is now associated with a specific ID.
- Modify the error text for the above-mentioned errors.
- Stop the process of revoking or resending invitations
if an error due to non-matching fields occurs.
Fixes: #31395.
Bot icon shown in the typeahead recipient list which pops up
in the compose box while typing.
On typeahead hover, bot icon takes the color of the font
for better contrast.
Earlier, the count of total users and users who consented in the
'#allow_private_data_export_stats' text were not being live updated.
This commit fixes that behavior.
The counts are now live-updated when:
* a new user joins
* a user is removed
* a user is deactivated
* a user is reactivated
* a user toggles their 'allow_private_data_export' personal setting.
Fixes#31201.
This commit adds a "Export permissions" table
in the 'Data exports' setting panel.
The table lists the active human users and their
configuration of 'allow_private_data_export' setting.
Fixes part of #31201.
This avoids us marking new messages as read when they arrive without
user activity. Specifically, we don't mark all messages in the narrow
as read when the last message is visible and the scroll was
initiated without user input.
We have a bug where we can mark messages as read as a result of a
desktop left open with the Zulip window focused. To avoid it,
we only mark new messages as read if there is some user activity.
Note that we scroll to bring new messages into view which can
mark them as read.
This makes the behaviour of this screen similar to the create channel
screen where the user does not need to click `Add` button to add users
to members preview. This follows most of the logic from that flow for
soft removal, syncing between members preview list and the input pills,
etc. The current user will have a pill in this case unlike channel
creation since a user can create a group without them in it.
5980f4a502 moved the
`group_setting_disabled` class from pill container to its parent input
group without changing the nesting for the other css properties
properly. This commit fixes that.
For ListWidget, 'replace_list_data' makes a call to 'hard_redraw'
by default. There is no need to make a separate call to 'hard_redraw'
when using 'replace_list_data'.
In 'settings_users.js', we were making that separate call.
This commit removes that extra unnecesssary call.
This fixes a bug where we try to rerender the anchor message even
if we don't have it locally cached which results in error.
The bug was introduced in #31942.
There is no need to show the banner if the user creating the channel
is subscribed to it because user will eventually be narrowed to
channel narrow and seeing the banner flash doesn't look good.
There was a banner showed on channel creation page on successful
completion of the API request, but we do not need that now since
we anyways move to a different UI, either the settings for the
created channel or to the message view narrowed to the new channel.
The CSS for setting min-width was added in 63a7c9061b
to set the width of pill containers used for group
settings, but that also applied to pill containers of
subscribers in stream creation form.
This commit updates the CSS to be applied only for
settings in groups UI.
Disables the submit button on the invite user modal if the custom
time input value is a negative number or if the number is not an
integer.
Also updates the text for when the invite expires so say that the
custom time value is invalid.
Moves custom time input helper to `web/src/util.ts` so that it
can be reused for other modals where users can select a custom
time duration.
Co-authored by: Ujjawal Modi <umodi2003@gmail.com>
evykassirer
Karl Stolley
Aditya Kumar Kasaudhan
Sahil Batra
Aman Agrawal
Vector73
Alya Abbott
sanchi-t
Pratik Chanda
Shubham Padia
Kislay Udbhav Verma
Prakhar Pratyush
klarabratteby
klarabratteby
Aditya Chaudhary
Anders Kaseorg
Tim Abbott
Sayam Samal
bedo
Varun Singh
Maneesh Shukla
Saubhagya Patel
Vishesh Singh
Lauryn Menard