In a PM, if a user has made a post, and is later removed from the PM, they can still edit their own post. This can be done either if they happen to have a composer open in an active tab, or by just manually sending an HTTP request.
The post guardian is missing a basic check, can_see_post_topic? when we determine whether a user can edit a post or not. This basic check is already in place when we determine whether a user can see the post in the first place.
This PR adds in the missing check, so that if the user tries to edit their post after being removed, they'll receive a 403.
It also adds a MessageBus message scoped to the affected user and topic when they are removed from the PM, which will redirect them to their inbox. This helps avoid a stale tab where they are still in the PM which they by right can now no longer see.
discourse-emojis is used in chat only for message actions to show a
difference with the the other emojis so people don't think it's just the
smiley emoji.
When trying to insert schemaless or relative links using the "insert
hyperlink modal" in the composer, the resulting link would be wrongly
prefixed with "https://"
This is a small clean-up PR that does the following:
- Convert api-keys.hbs to a RouteTemplate backed api-keys.gjs.
- Move the sub-page templates (index, show, new) into /api-keys sub-directory.
- Removes some styles that aren't used after the admin UI conversion.
Similar to the `home-logo-href` and `home-logo-image-url` transformers,
this PR adds a new `home-logo-minimized` transformer to allow
plugins/themes to amend the default behavior of the header logo.
Internal topic: t/144688.
The new site setting `allow_anonymous_and_tl0_to_flag_illegal` allows
tl0 users to flag illegal content. In addition, anonymous users are
instructed on how to flag illegal content by sending emails.
Also `email_address_to_report_illegal_content` setting is added. If not
provided, then the site contact email is used.
Reverts 02113fc.
This is an imperfect detection of tablets and more generally, we want to
move away from detecting specific devices. THere's a broader effort to
remove mobile/desktop detection and rely instead on viewport-width-based
patterns and feature detection (touch, hover, etc.). See
https://github.com/discourse/discourse/pull/30642
To reach the same results in CSS/jS, we can use the `touch` and `hover`
media queries.
In CSS, something like:
```
@media (hover: none) {
// hover non excludes touchscreen desktops
.discourse-touch {
// we detect touch capability on the JS side, a bit of a belts and suspenders approach
}
}
```
And in JS:
```
this.capabilities.touch` plus `window.matchMedia("(hover: none)").matches
```
When tapping something on a touch-enabled device, `mouseMove` events are
still fired, so floatkit would still be triggered even if configured for
'hover' only. For links, this would be particularly strange, because the
tooltip would appear for a split-second, before the page navigation
occured.
To avoid this problem, we can use the more-modern 'pointerMove' event,
and check the `pointerType` to exclude 'touch'
* Fix tabbing inputs on first wizard step, the user would end up on
"Skip to content"
for the page "behind" the wizard. If the wizard is showing we can just
not render the skip to content element
* Only show the required wizard steps in the counter, so we do X/4
rather than X/6 at the top of the page.
* Change to "Setting up your theme..." by default, but if the install
takes 10s or more add a note that things are still happening and to
be patient.
Admin pages that are based off the customize or plugin templates were wrapped in the `admin-container` class, which has slightly different margins to the `admin-config-page` class, which is used on most admin pages.
This change ensures that all the admin pages have the same alignment.
Update the header of the admin Logs page to be more consistent with the rest of the admin UI.
The tabs to access the different sub-pages have also been updated.
The heading role on topic lists is desirable for screenreader users
because they can easily navigate from heading to heading.
Having this role on the link tag directly becomes problematic for Voice
Control users on Apple devices because unfortunately Voice Control
assumes that when given the role of a heading, it is not a link. This
makes it difficult to click.
This PR moves the heading role to the link's wrapper. This change allows
for heading-to-heading navigation for screenreaders, and also makes it
easier to click using Voice Control. The end result is that topic lists
are both navigable for screenreaders and Voice Control users.
We have the other side of this association wired up --
da72ad4ecd/app/models/topic_hot_score.rb (L4)
This commit simply adds the association to `Topic` model so we can
reference the hot score.
* Do not offer "categories with latest" option anymore, it does
not look good with our default Sidebar selection
* Display a sensible item in the dropdown if the admin has not
chosen hot, latest, or category_boxes as the homepage style,
before it was broken. Now we show Custom with a little blurb
about whether topics or categories are shown, and what the landing
page is
Update the header of the admin Email Style page to be more consistent with the rest of the admin UI.
The HTML/CSS tabs have also been updated, which required an extra check being added to the NavItem component.
Follow up from https://github.com/discourse/discourse/pull/27712.
Currently, we already add `noindex` to /u routes. However, due to
robots.txt blocking this, search engines are not able to see the header.
This commit removes /u from our robots.txt to allow search engines to
see the header. This commit also includes a migration to remove the /u
from admins who have overridden the file. I had contemplated not
including this migration, but seeing there are existing site admins who
are trying to remove errors from their dashboard, they would probably
welcome this change.
The migration replaces overridden text at this area, and will not modify
if additional routes have been added in-between:
<img width="500" alt="Screenshot 2025-01-15 at 11 28 43 AM copy"
src="https://github.com/user-attachments/assets/60db64c9-ed33-48a5-a917-a10545282a5c"
/>
Side effect note: This might potentially result in more pageviews* from
GoogleBot (for example) for a period of time as Google starts visiting
the user routes they have been denied before.
There are a few changes here to make the Emails admin page more consistent with the rest of the admin UI.
- The header and navigation menu have been updated.
- The sidebar now stays highlighted when visiting the email admin sub-pages.
- Moved the Template editor from /admin/customize/email_templates to /admin/email/templates, so it fit as a sub-page.
- Removed the link to the Template editor from the Customize section of the old top menu, since it's accessible from the Emails section, instead.
When clicking the "new features" notification item for
admins that navigates to /whats-new, the user notification
menu was not closing. This was happening because inside
the UserMenu::Menu component, the `routeDidChange` event
was firing and calling `closeUserMenu()`, however this is already
called inside the `Header` component via `toggleHamburger()`.
This is _only_ happening for the "new features" notification
item, other items have already been destroyed and they do not get
the `routeDidChange` event. No idea why, but this fixes the issue
in a global way.
Not sure why, but it looks like this `z-index: -1` on the composer
causes iOS to crash super quickly when pinch zooming . This change was
introduced in 07e5f8907e2a8de27c42c2d6f5a02fc153212288 and is not
strictly necessary, let's try removing.
In 0ed4b09527857d7751dba7fb2d765e08bf46a65e, this code was moved into
app.js, which means it actually ends up running after all the other
imports have been completed. That's too late, and some deprecations are
triggered before that.
This commit moves `setupDeprecationWorkflow` back into its own module,
with a 'side effect only' import from `app.js`.
This change allows controllers that construct TopicQuery parameters, to pass per_page into the TopicQuery constructor as an option. I can't see why this shouldn't be a public param, so long as we properly validate the value!
Internal discussion at t/145686.
