Commit Graph

913 Commits

Author SHA1 Message Date
1f5cce705c FIX: Include locale in extra-locales URLs (#31480)
Previously the rendered locale was based on the current session's
locale. Now that we're routing requests via the CDN, we can't rely on
the user's session, and should instead include the locale name in the
URL. Also adds a `.js` suffix for parity with our other JS assets.
2025-02-24 17:20:46 +00:00
12291f745c PERF: Move extra-locale digest from query-param to path (#31479)
CDNs are often configured to strip query params, which means that the
`?v=` parameter wasn't reaching the Rails app, and therefore the
cache-control header was not being set correctly. Having a 40 character
sha1 digest in the **path** is the approach we take for other similar
assets like stylesheets and theme-javascripts.

Also adds a spec for the fix in 573fbeef64f052decc47e740cbe01a3c298c20b5
2025-02-24 14:09:15 +00:00
00907363d4 DEV: Drop ember-cli-based SCSS and locale compilation (#31407)
This totally separate SCSS and i18n compilation pipelines only existed
so that we could run `ember exam` in CI without starting Rails.

Now that our CI has such heavy caching of Ruby dependencies and database
migrations, the speed benefit of this is not worth the cost of
maintaining these separate pipelines.

Therefore, this commit removes that system, and updates CI to use
`bin/rake qunit:test`. That will start up a Rails server and proxy
stylesheet/locale requests to it. This strategy was already used for our
theme and plugin qunit test runs.
2025-02-21 11:15:04 +00:00
e26a1175d7 FEATURE: Initial version of experimental admin search (#31299)
This feature allows admins to find what they are
looking for in the admin interface via a search modal.
This replaces the admin sidebar filter
as the focus of the Ctrl+/ command, but the sidebar
filter can also still be used. Perhaps at some point
we may remove it or change the shortcut.

The search modal presents the following data for filtering:

* A list of all admin pages, the same as the sidebar,
   except also showing "third level" pages like
   "Email > Skipped"
* All site settings
* Themes
* Components
* Reports

Admins can also filter which types of items are shown in the modal,
for example hiding Settings if they know they are looking for a Page.

In this PR, I also have the following fixes:

* Site setting filters now clear when moving between
   filtered site setting pages, previously it was super
   sticky from Ember
* Many translations were moved around, instead of being
   in various namespaces for the sidebar links and the admin
   page titles and descriptions, now everything is under
   `admin.config` namespace, this makes it way easier to reuse
   this text for pages, search, and sidebar, and if you change it
   in one place then it is changed everywhere.

---------

Co-authored-by: Ella <ella.estigoy@gmail.com>
2025-02-21 11:59:24 +10:00
5eb7d6d9c0 FEATURE: Gracefully handle unhandled reviewables (#31118)
Plugins like for example AI or Akismet create reviewable items. When the
plugin is disabled, then we cannot properly handle those items.

In that situation, we should display warnings about unhandled types.
Instruct admin to reenable plugins. In addition, we should allow the
admin to delete all pending reviews from disabled plugins.
2025-02-05 14:38:45 +11:00
b89cf9b443 SECURITY: Disable access to "activate-account" route for existing users 2025-02-04 13:32:38 -03:00
5bc7371192 FEATURE: Localization admin settings config page (#31085)
This commit adds a new Localization config page for
admins, as a basic filtered site setting page similar
to Legal and Notifications. Included settings are:

* default locale
* allow user locale
* set locale from accept langauge header
* onebox locale
* display local time in user card
* discourse local dates enabled
* support mixed text direction
* unicode usernames
* allowed unicode username characters
2025-01-31 12:55:30 +10:00
7fc8d74f3e FEATURE: Allow admins to export users (#30918)
The GDPR requires all users to be able to export their data, or request an export of their data. This is fine for active users as we have a data export button on user profiles, but suspended users have no way of accessing the data export function, and the workaround for admins to export data for suspended users involves temporarily unsuspending them, then impersonating the user to export the data as them.

Since suspended users no longer have access to their account, we can safely assume that the export request will be coming via a medium outside of Discourse (eg, email). This change is built with this workflow in mind.

This change adds a new "User exports" section to the admin user page, allowing admins to start a new export, and to download the latest export file.
2025-01-24 08:13:25 +11:00
5da6a06ce3 UX: Use DPageHeader on the Emails page (#30781)
There are a few changes here to make the Emails admin page more consistent with the rest of the admin UI.

- The header and navigation menu have been updated.
- The sidebar now stays highlighted when visiting the email admin sub-pages.
- Moved the Template editor from /admin/customize/email_templates to /admin/email/templates, so it fit as a sub-page.
- Removed the link to the Template editor from the Customize section of the old top menu, since it's accessible from the Emails section, instead.
2025-01-15 15:36:16 +11:00
6740a340ca DEV: unifies emoji picker (#28277)
The chat emoji picker is renamed emoji-picker, and the old emoji-picker is removed.

This commit doesn't attempt to fully rework a new emoji-picker but instead tries to migrate everything to one picker (the chat one) and add small changes.

Other notable changes:
- all the favorite emojis code has been mixed into one service which is able to store one state per context, favorites emojis will be stored for all topics, and for each chat channel. Meaning that if you always use a specific emoji in a channel, it will only show as favorite emoji in this channel.
- a lot of static code has been removed which should improve initial load perf of discourse. Initially this code was around to improve the performance of the emoji picker rendering.
- the emojis are now stored, once the full list has been loaded, if you close and reopen the picker it won't have to load them again.

List of components:

- `<EmojiPicker />` will render a button which will open a dropdown
- `<EmojiPickerContent />` represents the content of the dropdown alone, it's useful when you want to render a picker from an action which is not the default picker button
- `<EmojiPickerDetached />` just a simple wrapper over `<EmojiPickerContent />` to make it easier to use it with `this.menu.show(...)`

---------

Co-authored-by: Renato Atilio <renatoat@gmail.com>
2025-01-08 11:41:36 +01:00
8185770d63 UX: Admin setting page consistency - Files and Other (#30572) (#30614)
Followup c2282439b32d879a73217eec62449f042914d7d0

Make the Files and Other config pages reached from the sidebar
use our consistent site setting page rules.

Also slightly improves AdminAreaSettings so we don't show
"Settings not found" when still loading settings.
2025-01-07 16:39:00 +10:00
ec3b6d57c2 UX: Admin setting page consistency - Onebox (#30611)
Create a basic config page that only contains Onebox-related settings, to replace the "onebox" category view linked to from "Onebox" in the admin sidebar.
2025-01-07 16:21:53 +11:00
46e4290a2a UX: Admin setting page consistency - User API (#30610)
Create a basic config page that only contains user API-related settings, to replace the "user_api" category view linked to from "User API" in the admin sidebar.
2025-01-07 16:05:54 +11:00
18a8ca38ff UX: Admin setting page consistency - Rate Limits (#30609)
Create a basic config page that only contains rate limiting-related settings, to replace the "rate_limits" category view linked to from "Rate limits" in the admin sidebar.
2025-01-07 15:46:40 +11:00
ef8b62ae0a UX: Admin setting page consistency - Developer (#30607)
Create a basic config page that only contains developer-related settings, to replace the "developer" category view linked to from "Developer" in the admin sidebar.
2025-01-07 15:17:36 +11:00
9ffbf93aa7 UX: Admin setting page consistency - Spam (#30606)
Create a basic config page that only contains security-related settings, to replace the "security" category view linked to from "Security settings" in the admin sidebar.
2025-01-07 15:17:15 +11:00
d9d1da82cb UX: Admin setting page consistency - Security (#30598)
Create a basic config page that only contains security-related settings, to replace the "security" category view linked to from "Security settings" in the admin sidebar.
2025-01-07 13:48:40 +11:00
70381a1e39 UX: Admin setting page consistency - Experimental (#30572) (#30603)
Followup c2282439b32d879a73217eec62449f042914d7d0

Make the Experimental config page reached from the sidebar
use our consistent site setting page rules.
2025-01-07 12:22:10 +10:00
30be75460f UX: Admin setting page consistency - Group permissions (#30528) (#30578)
* UX: Admin setting page consistency - Group permissions (#30528)

Followup c2282439b32d879a73217eec62449f042914d7d0 and
21470e4afd49127fc6281a5bde6357e86b11a4ae

Adds a new "Group permissions" page and group_permissions site
setting area, which shows every single group-based site setting
in the app and core plugins.

Also adds a "trust_levels" area to show on the already moved
admin "Trust level" settings page, since that previously was
showing a mix of trust level settings and allowed group settings.

* DEV: Review fixes
2025-01-07 11:25:21 +10:00
f5126199f6 UX: Admin setting page consistency - Navigation (#30574)
Create a basic config page that only contains navigation-related settings, to replace the setting filtered view linked to from "Navigation" in the admin sidebar.
2025-01-06 17:44:33 +11:00
17f4052068 UX: Admin setting page consistency - Search (#30528) (#30573)
Followup c2282439b32d879a73217eec62449f042914d7d0

Make the Search config page reached from the sidebar
use our consistent site setting page rules.
2025-01-06 16:36:48 +10:00
9a87baaab4 UX: Admin setting page consistency - Legal (#30572)
Followup c2282439b32d879a73217eec62449f042914d7d0

Make the Legal config page reached from the sidebar
use our consistent site setting page rules.
2025-01-06 16:08:42 +10:00
21470e4afd UX: Admin setting page consistency - Trust levels (#30571)
Followup c2282439b32d879a73217eec62449f042914d7d0

Make the trust levels config page reached from the sidebar
use our consistent site setting page rules.
2025-01-06 15:53:18 +10:00
5463b845e3 UX: Admin setting page consistency - Site Logo (#30567)
Create a basic config page that only contains site logo settings, to replace the "branding" category linked to from "Site logo" in the admin sidebar.
2025-01-06 15:45:19 +11:00
01ceeae2d6 UX: Admin setting page consistency - Fonts (#30564)
Create a basic config page that only contains font-related settings, to replace the setting filtered view linked to from "Font style" in the admin sidebar.
2025-01-06 15:05:40 +11:00
407fa69778 UX: admins embedding page follows admin ux guideline (#30122)
Conversion of /admin/customize/embedding page to follow admin UX guidelines.
2025-01-06 13:01:08 +11:00
3260654505 UX: Admin setting page consistency - Notifications (#30528)
Followup c2282439b32d879a73217eec62449f042914d7d0

Make the Notifications config page reached from the sidebar
use our consistent site setting page rules.
2025-01-03 10:34:40 +10:00
c2282439b3 UX: Move first settings admin route to config page (#30510)
For consistency, we are updating all sidebar links that
point to an /admin/customize/site_settings URL to their
own config pages, in preparation for more focused config
pages in future. This will mitigate the issue we have now,
which is that every sidebar link you click showing a different
UI to admins.

This commit moves admin/config/login-and-authentication to
establish the pattern.
2025-01-02 09:13:37 +10:00
5711bf6f27 DEV: Move admin config pages out of /customize/ sub-route (#30511)
The customize routes add CSS classes that make these admin
config pages look different from the ones under /admin/config.
We want all config routes to be under /admin/config as well.

This commit moves the emoji, user fields, and permalinks pages
out of customize and into config, updating all references and
adding more rails routes as needed.

Also renames admin emojis route to emoji, emoji is singular and plural.
2025-01-02 09:13:11 +10:00
f186e3e80b DEV: Add categories_and_hot Route (#29948)
This PR adds a route to categories_and_hot and methods in categories_controller.
2024-11-27 11:11:33 -06:00
118f7869bb FEATURE: Add bulk destroy to admin users list (#29744)
This commit introduces a new feature that allows staff to bulk select and delete users directly from the users list at `/admin/users/list`. The main use-case for this feature is make deleting spammers easier when a site is under a large spam attack.

Internal topic: t/140321.
2024-11-25 11:13:35 +03:00
88af23e1ca DEV: Modernize admin user fields (#29843)
This PR modernizes the user fields area of the admin UI. It is largely based on the work on the emoji section.
2024-11-25 11:54:43 +08:00
ec7de0fd68 Require permitted scopes when registering a client (#29718) 2024-11-19 15:28:04 -05:00
42b1ca8f78 UX: redesign admin permalinks page (#29634)
Redesign the permalinks page to follow the UX guide. In addition, the ability to edit permalinks was added.

This change includes:
- move to RestModel
- added Validations
- update endpoint and clear old values after the update
- system specs and improvements for unit tests
2024-11-14 10:03:58 +11:00
189d98f3ca DEV: Convert admin emojis UI to new layout (#29615)
This PR converts the custom emoji UI in the admin pages to follow the new admin UI guidelines.
2024-11-11 15:04:15 +08:00
cb4b8146a3 Add dedicated user_api_key_clients table to allow for 1:many use cases (#28119) 2024-11-08 12:05:03 -05:00
19672faba6 FEATURE: Add invite link to the sidebar (#29448)
Some checks are pending
Licenses / run (push) Waiting to run
Linting / run (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (system, plugins) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (system, themes) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (annotations, core) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (backend, core) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (backend, plugins) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (frontend, plugins) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (frontend, themes) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (system, chat) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (system, core) (push) Waiting to run
Tests / core frontend (${{ matrix.browser }}) (Chrome) (push) Waiting to run
Tests / core frontend (${{ matrix.browser }}) (Firefox ESR) (push) Waiting to run
Tests / core frontend (${{ matrix.browser }}) (Firefox Evergreen) (push) Waiting to run
This commit adds a new "Invite" link to the sidebar for all users who can invite to the site. Clicking the link opens the invite modal without changing the current route the user is on. Admins can customize the new link or remove it entirely if they wish by editing the sidebar section.

Internal topic: t/129752.
2024-10-30 05:31:14 +03:00
cbdab52056 DEV: restore custom route for custom homepage (#29343) 2024-10-22 13:17:36 -04:00
433fadbd52 FEATURE: allow admins to enable announced experimental features (#29244)
Toggle the button to enable the experimental site setting from "What's new" announcement.

The toggle button is displayed when:
- site setting exists and is boolean;
- potentially required plugin is enabled.
2024-10-22 10:56:58 +11:00
3ad2fd032b FEATURE: Initial themes config area with grid (#28828)
* UX: More additions

* UX: more

* DEV: Add admin/config/themes route

* UX: Use admin config card

* syntax merge fixes

* cleanup

* cleanup

* checkbox

* more

* error

* save on click

* more

* fix setter

* DEV: Implement vanilla checkbox

* cleanup

* UX: save themes as default

* DEV: Add component list to card

* DEV: Add placeholder for no screenshots

* DEV: Fix default theme reactivity

Also add content/optionalAction yields to config area
card and put the theme user selectable checkbox there,
along with adding styles.

* DEV: Change to generic "look and feel" config area

* DEV: Auto redirect to themes on base look and feel route

* UX: Remove computed from sorted themes

* linting

* UX: Turn update icon into button that routes to settings

* DEV: remove unused function

* UX: center icons with title

* DEV: Lint

* UX: Hook up theme preview button

* DEV: Minor fixes

---------

Co-authored-by: Martin Brennan <martin@discourse.org>
Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2024-10-15 10:54:38 -05:00
59c3f2e5a2 DEV: Fix build by removing custom route that triggers error (#29131) 2024-10-08 13:27:43 -04:00
520f71b8f8 FIX: Routing back to homepage from admin sidebar (#29125) 2024-10-08 10:05:08 -04:00
8fc34e9323 DEV: Add a skeleton for section landing page & items (#28477)
We are going to start making section landing pages
for admin for each sidebar section. This lays the framework
with routes and simple components that can be further
refined by a designer, but I have taken the base CSS from
AI which Kris made.

The initial section landing items will be used in AI to replace
the placeholders added in this commit b8b3c61451
2024-10-02 12:19:38 +10:00
a1e5796ba1 FEAT: Allow admin delete user's associated accounts (#29018)
This commit introduces a feature that allows an admin to delete a user's
associated account. After deletion, a log will be recorded in staff
actions.

ref=t/136675
2024-09-27 20:08:05 +08:00
be33363f13 FEATURE: Add ability to dismiss admin notices (#28916)
his is a new feature that lets admins dismiss notices from the dashboard. This helps with self-service in cases where a notice is "stuck", while we work on provisions to prevent "sticking" in the first place.
2024-09-17 14:43:34 +08:00
c760b30190 DEV: Redirect /theme-tests to /theme-qunit (#28617)
The name `/theme-qunit` comes from the days when we served the main qunit tests at `/qunit`. Nowadays, with ember-cli, the core tests are on `/tests`, so `/theme-tests` makes more sense, and might be what people think to try.

Changing the name would be a fairly large refactor. But we can add a redirect very easily.
2024-08-29 09:48:47 +01:00
35b748e7f4 FIX: Don't show silence button on staff users and display similar users (#28423)
This commit fixes a bug where the silence button is incorrectly displayed on the admin page of a staff user. It's not actually possible to silence a staff user because the backend correctly prevents it, but the frontend isn't checking if the button should be displayed.

Another small bug that this commit fixes is the similar users list not showing up inside the silence/suspend modals due to also a bug in the frontend.

I've also changed the way similar users are loaded so that they're not returned by the `admin/users#show` endpoint anymore and moved them into a new endpoint that the penalize modals (suspend and silence) can call directly to retrieve the list of users. This is done because the similar users list is never shown on the admin user page (`/admin/users/:user_id/:username`); they're only needed when the suspend or silence modals are opened.

Internal topic: t/130014.
2024-08-20 15:27:29 +03:00
1446596089 UX: Apply admin interface guidelines to Backups page (#28051)
This commit converts the Backups page in the admin interface
to follow our new admin interface guidelines.

As part of this work, I've also made `AdminPageHeader` and `AdminPageSubheader`
components that can be reused on any admin page for consistency, that handle
the title and action buttons and also breadcrumbs.

Also renamed `AdminPluginFilteredSiteSettings` to `AdminFilteredSiteSettings` since
it can be used generally to show a subset of filtered site settings, not only
settings for a plugin. Not sure if it's ideal to have to define a new route for this
for every config area, but not sure how else to do it right now.
2024-08-20 09:59:43 +10:00
2492fe7715 FIX: Set sane default for Net::HTTP when processing a request (#28141)
This commit patches `Net::HTTP` to reduce the default timeouts of 60
seconds when we are processing a request. There are certain routes in
Discourse which makes external requests and if the proper timeouts are
not set, we risk having the Unicorn master process force restarting the
Unicorn workers once the `30` seconds timeout is reached. This can
potentially become a vector for DoS attacks and this commit is aimed at
reducing the risk here.
2024-08-06 07:12:42 +08:00
2d5f323ca3 DEV: Move config area site setting fetch into new controller (#28136)
Followup 4aea12fdcb21216a528451c0f8803e02dff24998

In certain config areas (like About) we want to be able
to fetch specific site settings by name. In this case,
sometimes we need to be able to fetch hidden settings,
in cases where a config area is still experimental.

Splitting out a different endpoint for this purpose
allows us to be stricter with what we return for config
areas without affecting the main site settings UI, revealing
hidden settings before they are ready.
2024-07-30 15:41:28 +10:00