Currently, the GitHub webhook sends activity from both public and private
repositories, which could lead to unintended disclosure of sensitive
information from private repositories.
This commit introduces a ignore_private_repositories parameter to the
webhook URL. When set to true, the webhook ignore processing activity from
private repositories, ensuring that such activities are not posted to
Zulip streams. By default, if the parameter is omitted or set to false,
activities from both public and private repositories are processed
normally. This provides users with the flexibility to control the
visibility of private repository activities without altering the default
behavior.
More importantly, this introduces a cleaner mechanism for individual
incoming webhooks to declare support for settings not common to all
webhook integrations.
Fixes#31638.
This makes sure that the "Add" button in members panel is
not enabled if the pill input is empty, in two cases - when
the members panel is opened and also when the members panel
is live-updated due to change in permission.
We now have a grey-ish background color for the pill container
with opacity also reduced like we do for the disabled select
elements in settings.
Needed to adjust the selectors so that the CSS for disabled
state correctly overrides the CSS for enabled state.
We show "0 members" text when a group has no direct members but
has subgroups which are all empty.
The behavior for when a group has neither direct members nor
subgroups is same where we show "This group has no members".
This commit updates code to just use permission settings
list from server_supported_permission_settings data
instead of calling create_realm_group_setting_widget
individually for each setting.
Also, updated the code to create dropdown widgets to check
if only system groups are allowed or not for a setting
instead of using a hardcoded list.
Previously we disabled time limit settings for moving
messages when non-admin and non-moderators users were
not allowed move messages as the time limit does not
apply to admins and moderators. And the time limit
setting to delete messages was disabled when all the
users who were allowed to delete their own message also
had permission to delete any message since time limit
does not apply to users who were allowed to delete any
message.
Now, as we use the new UI and allow the permission
settings to be set to anonymous groups, we just do
not disable the time limit setting to avoid complexity
and we anyways mention about cases when time limit is
not applicable.
Previously the banner was always shown to admins and to users who
cannot add emoji with the banner mentioning who can add emoji.
This commit updates the code to only show the banners who cannot
add emoji irrespective of their role, and just mention that they
do not have permission without any detail about who can add.
Some of the group setting elements were not live-updated
correctly since they were not present in realm_settings
dict and sync_realm_settings is only called for settings
present in that dict.
There is no need to pass the value of group settings to
template as rendering the UI is handled in JS. This was
probably added due to the old enum value setting being
passed to the template.
All similar elements in the compose box--the channel/DM widget, the
pill container on DMs, and the compose textarea--all use a 4px
border-radius, correcting the topic box's outlier status.
This helps avoid confusion with `participant_user_ids`
which is a property of the buddy list and describes
the currently visible participants, whereas
`all_participant_ids` describes all participants,
even those hidden due to search.
Because we regularly change what we want the placeholder
text to be, as the user enters and exits search, it's simpler
to just not use `data-search-results-empty` and set up the
placeholder from the buddy list code directly. Previously we
were trying to sometimes use `data-search-results-empty` and
sometimes set it directly, which is more confusing and complex.
Sometimes we might want to re-fill the screen after collapsing
or uncollapsing a section, so it's better to fill the screen
just once after determining if we should collapse the "other
users" section. Also, this commit removes a call to
`render_section_headers()` because that's always called at the
end of `fill_screen_with_content()`.
We now use new pills UI for public and private channel
creation settings. The UI for web-public channel
creation setting is still a dropdown as we allow only
system groups for that.
The first two are equivalent because they call `closest`
and the last one is directly equivalent. We're making these
changes to aid with the conversion to typescript.
We already have the code to ignore the deactivated groups before
sending the request and show appropriate message. This commit
just adds code to not show them in the typeahead and also not
create its pill if user types the full group name.
Even though we do not show groups that cannot be used as subgroups
in typeahead, user can still type the complete to get the pill
and make the request to the server which currently returns not so
good error message. This commit fixes it to not create the pill for
such cases and hence not making any request to server.
Mark as unread from here was not working in a channel feed when
we don't have all the messages fetched locally since the
channel ID was incorrectly passed as a string.
Copied the correction code from bulk_update_read_flags_for_narrow.
Streams should not be marked as private, and subscribers
of the deactivated stream should not be removed.
Update the confirmation message when archiving a stream.
When clicking on a message from an archived
stream, the `adjusted_terms` may be null since
archived streams are not sent back to the client.
This results in an error for the user.
Function `delete_sub` was exclusively called by `stream_data.delete_sub`.
With the change in the approach where we no longer remove subscriptions
from `stream_info` and `subs_by_stream_id`, the `delete_sub` function is no
longer needed.
Previously, when archiving a stream `delete` function was used to
remove stream from `stream_info`. However, with the current
approach, we don't remove stream instead we use the `set_false`
function to mark streams as false, making the `delete`
function unnecessary.
Stream is simply marked as `archived: true` instead of removing
the stream from `sub_store` and `stream_info`.
A check in `subscribe_myself` is added before subscribing to a
stream.
Earlier, in left stream sidebar, new topic button was shown for all
stream rows irrespective of compose permission of the user for
individual streams.
This commit changes the behaviour by hiding the new topic button if
user doesn't have appropriate compose permission for individual
streams.
Fixes: zulip#31800.
On the frontend, the selection is still a dropdown of system groups but
on the API level, we have started accepting anonymous groups similar to
other settings
We've kept require system groups true for now until we switch to group
picker on the frontend.
On the frontend, the selection is still a dropdown of system groups but
on the API level, we have started accepting anonymous groups similar to
other settings.
We've kept require system groups true for now until we switch to group
picker on the frontend.
If we paste a stream-topic URL that can be formatted as per #29302,
we now generate a normal markdown link if the stream topic syntax
could result in a broken link.
Fixes#31904
Previously, all members of the group, including members of
recursive groups, were shown in the the popover. Now only
direct members are shown along with the direct subgroups
of the group.
Fixes#32088.
The 'id' field in a dialog widget is used to add custom id to
the container element to modify styles.
We were not using this id anywhere, so this commit removes it.
When the user opens channel create settings from left sidebar, now the focus
is set on the channel name input.
The logic was already there, but not properly placed inside the overlay code path.
Fixes#32034.
This commit configures the click event on the channel name so that
when the user is narrowed to a topic within a channel, clicking the
same channel will navigate the user to the general channel feed. This
improves the user experience by allowing easy access to the full
channel feed when a user is focused on a specific topic.
Fixes#32032.
It’s not possible to animate or transition the `display` property, at
least until `transition-behavior: allow-discrete` lands in all
browsers. We already take care of applying `display: none` in a
JavaScript setTimeout (see alert_popup.ts, hide_error in
ui_report.ts).
Signed-off-by: Anders Kaseorg <anders@zulip.com>
This adds live update support for `is-followed` narrow. We need
to render the narrow again instead of just adding the relevant
messages from the updated topic since it not easy to determine
which message we need to add based on the selected message of the
user and which messages to ask from the server.
We do not show groups that will break the DAG constraint
on being added to a group as subgroups in the typeahead
shown in the members edit UI.
Fixes#32087.
Since `scroll_finished` is already called post render and we
don't have to wait for anything rendering before calling
`unread_ops.process_visible`, we can just directly call it.
Previously, when selecting a new channel in the "move topic" modal using
the keyboard, focus failed to advance to the topic input automatically.
Users had to press the tab key an extra time to move focus to the topic
input, which was not the intended behavior.
This commit modifies the `move_topic_on_update` function in
`web/src/stream_popover.js` to explicitly set focus on the topic input
field after a channel is selected.
Since we removed `unread_ops.process_visible` on system initiated
scrolling in #32038, this is important to take care of separately.
Reproducer: Go to a topic with a lot of unread messages and press
`end` key. Last message is not marked as read.
Fixes#31833
Quoting from the issue:
Some of the reasoning behind that proposal was:
We want the first unread message to be what gets highlighted by the
blue box, since that's what you should read first.
It's bad to eat one unread message when entering a
message feed via N or otherwise.
A consistent algorithm would be that messages get marked as read when
you move the blue box past them ... except that there'd be no way to
mark the last message that way.
Because the bottom being visible marks things as read, it should be
fine to make this change now, even though there wouldn't currently
be a way to use the location of the blue box to mark the last message
in the current view as read.
Instead of mutating `message_render_context` object with fields,
we declare the object once depending on msg_type. This is a
prep-commit for migrating the module to TS.
This commit updates the code, which checks if user is member of
the group before adding them to the group, to consider only
direct members and now allows members of subgroups to be added
as direct members of the group.
Having this code resulted in pills being deleted on
clicking enter in the pill container as this was
needed before ad11561d31, when we cleared the pill
container after adding users to the list of members.
html_selector is only used when rendering a single item in the list
using insert_rendered_row and render_item, which are not used for
group members list in group creation form.
"update_default_stream_and_stream_privacy_state" function
should be called only when changing or discarding settings
in "Stream permissions" subsections and not when changing
settings in "Advanced configurations" subsection, since
the behavior of stream privacy and default stream options
does not depend on settings in "Advanced configurations".
This also fixes the bug of trying to access "checked"
property on undefined value of $default_stream.find("input"),
since there is no such input in "Advanced configurations"
section.
Added `message_content_in_email_notifications` to the
`disabled_notification_settings` object to keep track of the setting.
Also added a tooltip message to display when the checkbox is disabled,
indicating that the setting is controlled by the organization.
Fixes: #27262.
This commit includes the following changes:
- Errors returned from the server when resending or
revoking invitations are now shown inside the
confirmation modal, keeping the modal open.
- We no longer display errors in place of the Resend
and Revoke buttons (in case of server errors), as
they are now handled within the confirmation modal.
- The "Working..." button text is no longer displayed
for the Resend and Revoke buttons, which was displayed
while the request was being processed.
- The confirmation modals now show a loading spinner,
while request is being processed.
Fixes part of #31395.
This commit includes the following changes:
- Display errors due to non-matching fields encountered
during resending or revoking invitations within
the confirmation modal, keeping the modal open.
- Each modal is now associated with a specific ID.
- Modify the error text for the above-mentioned errors.
- Stop the process of revoking or resending invitations
if an error due to non-matching fields occurs.
Fixes: #31395.
Bot icon shown in the typeahead recipient list which pops up
in the compose box while typing.
On typeahead hover, bot icon takes the color of the font
for better contrast.
Earlier, the count of total users and users who consented in the
'#allow_private_data_export_stats' text were not being live updated.
This commit fixes that behavior.
The counts are now live-updated when:
* a new user joins
* a user is removed
* a user is deactivated
* a user is reactivated
* a user toggles their 'allow_private_data_export' personal setting.
Fixes#31201.
This commit adds a "Export permissions" table
in the 'Data exports' setting panel.
The table lists the active human users and their
configuration of 'allow_private_data_export' setting.
Fixes part of #31201.
This avoids us marking new messages as read when they arrive without
user activity. Specifically, we don't mark all messages in the narrow
as read when the last message is visible and the scroll was
initiated without user input.
We have a bug where we can mark messages as read as a result of a
desktop left open with the Zulip window focused. To avoid it,
we only mark new messages as read if there is some user activity.
Note that we scroll to bring new messages into view which can
mark them as read.
This makes the behaviour of this screen similar to the create channel
screen where the user does not need to click `Add` button to add users
to members preview. This follows most of the logic from that flow for
soft removal, syncing between members preview list and the input pills,
etc. The current user will have a pill in this case unlike channel
creation since a user can create a group without them in it.
5980f4a502 moved the
`group_setting_disabled` class from pill container to its parent input
group without changing the nesting for the other css properties
properly. This commit fixes that.
For ListWidget, 'replace_list_data' makes a call to 'hard_redraw'
by default. There is no need to make a separate call to 'hard_redraw'
when using 'replace_list_data'.
In 'settings_users.js', we were making that separate call.
This commit removes that extra unnecesssary call.
This fixes a bug where we try to rerender the anchor message even
if we don't have it locally cached which results in error.
The bug was introduced in #31942.
There is no need to show the banner if the user creating the channel
is subscribed to it because user will eventually be narrowed to
channel narrow and seeing the banner flash doesn't look good.
There was a banner showed on channel creation page on successful
completion of the API request, but we do not need that now since
we anyways move to a different UI, either the settings for the
created channel or to the message view narrowed to the new channel.
The CSS for setting min-width was added in 63a7c9061b
to set the width of pill containers used for group
settings, but that also applied to pill containers of
subscribers in stream creation form.
This commit updates the CSS to be applied only for
settings in groups UI.
Disables the submit button on the invite user modal if the custom
time input value is a negative number or if the number is not an
integer.
Also updates the text for when the invite expires so say that the
custom time value is invalid.
Moves custom time input helper to `web/src/util.ts` so that it
can be reused for other modals where users can select a custom
time duration.
Co-authored by: Ujjawal Modi <umodi2003@gmail.com>
Fixes part of #32007.
On the group left sidebar, when a user cannot leave a group, make the
tooltip message same as the leave group button on the right side panel.
Fixes part of #32007.
On the group left sidebar, when a user cannot join a group, make the
tooltip message same as the leave group button on the right side panel.
Before sending typing notifications to the server, if the realm
requires topics for channel messages, make sure that the topic
string is not an empty string in the compose box.
In the guest visible users message, replace the manual help
link implementation with Zulip’s `help_link_widget` template
to reduce code duplication and improve maintainability.
Follow-up to commit 3b1877e.
Previously, when the guest role was selected in the Invite modal and
guests were restricted from viewing all other users, there was no
indication of how many users the invited guests would be able to see
once they joined.
This commit resolves that issue by adding a note in the Invite modal
that dynamically informs users of the number of visible users.
Fixes#31159.
Changed the text of the quota notice to
"Your organization is using x% of your 5 GB file
storage quota. Upgrade for more space."
Instead of having a link on "Upgrade", the entire
notice is now a clickable banner with a rocket icon,
consistent with other banners used in settings.
Fixes#29077.
This fixes a bug where after condensing a long message which is
barely visible at bottom, the selected message scrolls out of view.
When user comes back to this view, the selected message is out of view
when we restore the selected message offset.
The main change is redefining ALLOW_GROUP_VALUED_SETTINGS to not
control code, but instead to instead control the configuration for
whether settings that have not been converted to use our modern UI
patterns should require system groups.
Fundamentally, it's the same for the realm/stream group-valued
settings, which don't have the new UI patterns yet.
We remove the visual hiding of the "can manage group" setting, which
was hidden only due to transitions being incomplete.
Checking `browser_history.state.changing_hash` was not correct since
we were calling `select_id` on message list, which saves the narrow
state, before we set `browser_history.state.changing_hash` to `false`.
That means, it was not reliable to save the narrow state.
Also, it is possible that `save_narrow_state` is called after URL hash
is changed but before we render the new message list. That could result
in us saving the narrow state of the previous message list on the
new URL. That could lead to a weird bug where message list doesn't
change after clicking on a near link but user just gets scrolled
in the current message list as per the wrongly saved narrow state.
We fix it by only saving the narrow state when the URL matches the
filter set in the current message list.
If a muted message for the currently rendered message list is moved
to a non muted topic, it was not rendered if it is part of
`_all_items` and not `_items` due to it being previously muted.
We fix it by removing all the moved messages from the list and
added them back which allows us filter the messages for muting again.
This overall reduces the amount of rerender calls too since we
are now guaranteed to only call it once now.
Fixes#31977
This will be useful for later when we'll need the schema for
converting settings_org to typescript.
This commit also renames StreamSettingProperty to more accurately
reflect the type of a single property key.
This will be useful for later when we'll need the schema for
converting settings_org to typescript.
This commit also renames RealmSettingProperty to more accurately
reflect the type of a single property key.
Followup to #31960. I forgot to consider the case of a narrow with
an undefined filter. To make sure we fully run render_section_headers
on narrows like Recent Conversations the first time they load, this
commit initializes `current_filter` to the string "unset".
Previously, these were only shown for Mac OS users and replaced
the "Home", "End", "PgUp" and "PgDn" shortcuts. But as this really
depends on the keyboard the user is using (there are Mac keyboards
with the above keys), we instead show both options in our web app
and help center documentation on keyboard shortcuts.
The tooltip for the "Scroll to bottom" button will now always show
"End" for all users. Previously, it showed a "Fn" key option for
Mac users.
Fixes#31815.
The operand for the canoncial "channel" operator can be an ID, but
it must be an integer and not a string, so we take care of that
directly in handle_operators_supporting_id_based_api.
This commit adds a 'Type' column to the Data exports table
in the org settings.
It specifies whether it's a public data or standard export.
Fixes part of #31201.
'realm_upload_quota_mib` is updated when `plan_type` changes.
Earlier, we were including 'upload_quota' to update
`realm_upload_quota_mib` in extra_data field of 'realm op: update'
event format when property='plan_type'.
This commit migrate those two parameters to `realm op: update_dict`
event format.
* None of the clients processes these fields, so no compatibility
code required.
* Renamed `upload_quota` to `upload_quota_mib` as it better aligns
with our goal to encode units in the client-facing API names.
Also, it helps to avoid extra code to update 'realm_upload_quota_mib`
in web client, web client simply aligns with
'realm["realm_" + key] = value'.
When combined feed is cached, moving messages can cause some
messages to be missing.
This can be reproduced by moving messages from a muted stream to
non muted stream.
Fixed by updating all rendered message lists for the messages
that were moved.
Earlier we use to restrict admins, moderators or members of a group to
manage that group if they were part of the realm wide
`can_manage_all_groups`. We will not do that anymore and even
non-members of a group regardless of role can manage a group if they are
part of `can_manage_all_groups`.
See
https://chat.zulip.org/#narrow/stream/101-design/topic/Group.20add.20members.20dropdown/near/1952902
to check more about the migration plan for which this is the last step.
Fixes#25942.
Users with permission to manage the group (either on the group level or
realm level) should be able to add members to the group without being
present in can_add_members_group.
This commit moves the code to compute the profile field order and
the number of fields shown is user card, out of the list_widget
functions just to maintain the code readability and keeping code
easy to understand.
Earlier, only public data export was possible via `POST /export/realm`
endpoint. This commit adds support to create full data export with
member consent via that endpoint.
Also, this adds a 'export_type' parameter to the dictionaries
in `realm_export` event type and `GET /export/realm` response.
Fixes part of #31201.
`$(".buddy-list-subsection-header").children()` has length more often
than I had thought. Using the narrow filter is more direct way of
managing this state.
Removed "type"/"Type" from schema and type names used
for group settings because we want to use "type"/"Type"
only for "type of a type" cases.
So, this commit renames-
- anonymous_group_type => anonymous_group_schema
- group_setting_type_schema => group_setting_value_schema
- GroupSettingType => GroupSettingValue
We also had duplicate definitions for GroupSettingType, in
state_data.ts and in settings_components.ts. So, removed it
from settings_components.ts.
This commit updates live-update of group settings like we do for
stream and realm settings.
Current behavior is -
- If the save discard buttons are visible, meaning that the current
user was in the middle of changing a setting, then all the settings
elements are synced to the original value irrespective of whether
that setting was actual updated, including the setting which the
current user was changing.
- If the save discard buttons are not visible, then only the
element of updated setting is synced as it is not needed to
reset the UI for other settings.
We make the change similar to what we did for realm and stream
settings in 5da1e57fc2. 5da1e57fc2 did not had the changes
for group settings since we had only one group setting then
but now we have multiple settings.
Since group setting value can be an object containing
direct_members and direct_subgroups fields, this code
updates check_group_property_changed function to use
isEqual to compare the setting values instead of using
"===".
This makes sure that save-discard widget is shown and
hidden as expected.
This function only uses `e` for its `target`, so it could instead be
passed the `HTMLInputElement` instead of the `JQuery.ChangeEvent`. The
caller is an event handler for the selector `"input, select"` and
`<input>` has no children, so there’s no difference here between
`.target` and `.currentTarget`.
This will be helpful for typescript, because `currentTarget` has
clearer typing.
The "members" field for user groups sent by servers only include
active users, so there is no need for is_person_active check to
filter out the deactivated users.
We show a confirmation dialog explaining the "resolve topics"
feature when the user marks a topic resolved for the first time.
If the user confirms the action, we mark the
topic resolved, else we don't.
We don't show anything the first time a topic is marked
unresolved.
Fixes#31242
This commit improves the copy codeblock button and playground button
in the codeblocks to improve their visibility, particularly when on
top of some code.
Previously, the text under these buttons was difficult to select, as the
buttons would block the selection. This commit now hides these buttons
when a user clicks on any part of the codeblock, allowing to view the
code without any distractions, as well as, allowing the user to select
any part of the code.
We previously auto-mocked this out of expediency, but that made it
impossible to test anything that uses the Zod schemata in the same
module.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
This commit is a follow-up of 43eebbf9c6,
and it sets `data-simplebar-tab-index="-1"` on the remaining popovers.
This prevents the simplebar container from taking focus while trying to
navigate the popovers via the keyboard, thus fixing the bug where the
user had to click the down key twice before reaching the first
focus-able popover menu option.
This should work because all the events are either `change` events or
`click` events on elements without children. This change is being made
to make typescript migration easier, ecause we can type `this` more
easily than `e.target`.
This simplifies the StreamSubscription type, and parallels how we
always initialize every other property that isn’t in
NeverSubscribedStream (audible_notifications, desktop_notifications,
email_notifications, push_notifications, wildcard_mentions_notify,
color, is_muted). email_address was already optional.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
Fixes#31701.
This fixes a bug where when the user clicks on a near link, the
pointer doesn't shift to the `near` linked message. This can
be a confusing experience for the user.
On a fresh render of a narrow if the view doesn't scroll,
`update_sticky_recipient_headers` is not called. So, we need call
it after we have scrolled to the message we want to select.
This helps us better update the views where we don't have the
messages that were updated cached or the filter cannot be
applied locally.
Tested using browser breakpoints for search `zulip` in starred narrow
for `!filter.can_apply_locally()` and setting message_fetch
constants to single digit for `messages_to_fetch.length > 0`.
This flake was happening since `wait_for_fully_processed_message`
only checks if the `star` icon is displayed on the message but
doesn't check for current narrow or waits for the narrow to
change.
Since narrow is changed to the message narrow after sending a
message. If we don't wait for narrow to change, this narrow change
can make the `get_current_msg_list_id` call return true for the
wrong narrow change. Which causes message list id of the wrong
message list to be returned and hence we cannot locate this
message list id.
To fix it, we check if sending this message will cause a narrow
change and if true, we wait for the narrow to change before
checking if the message is visible.
Previously, only spaces were used as word separators when searching
for topics. This meant that searching for "support" would not find a
topic named "topic_support" or "topic/support," which could lead to
unexpected results.
To address this, hyphen (-), underscore (_), colon (:), and slash (/)
have been added as additional word separators for topic filtering in
the left sidebar, as these characters are commonly used as separators
in topic names.
Fixes: #31844