Long-term, we want this flow to do a full re-authentication, but this
makes the frontend consistent with the backend and fixes a confusing
bug where submitting the form ended up adding a weird `?password=`
thing to the URL, in addition to not working.
Fixes#12200.
See example here: https://jsbin.com/relewizita/edit?html,js,output
Basically the original statement get the first of each input, button
and select element, and then select the first of these in the next
line. We can simply query the first one in one step. The settings
menu have at most 20 of these input elements so performance should
have no impact.
A selector like `$('.elem1 .elem2:first')` selects the first descendant
with class name `.elem2` under `.elem1`. This is the same as saying
`$('.elem1 .elem2').first()`. See example here:
https://jsbin.com/bohehesari/edit?html,js,output
This adds a setting to control Zulip's default behavior of sorting to
bottom and graying out inactive streams. The previous logic is still
the default "automatic", but this gives users more control. See the
models.py comment for details.
Fixes#11524.
We have had a longtime bug where the state of pinned streams would not
update properly from the greyed out/inactive state to the active state
when a first message arrived to them.
After some discussion, we determined that likely the right fix for
this is to simply configure pinned streams to never be marked as
inactive; that's more in line with the intended user experience.
Fixes#8201.
For non-admins some organisation settings tabs are 'collapsed' by default.
A button at the bottom of these settings can be used to toggle
show/collapse for these settings tabs.
Resolves#12313.
Ensure that the html is safe, before using it. The html is considered if it is
in an iframe with a http/https src, based on the recommendations here:
https://oembed.com/#section3
We directly embed the `iframe` html into the lightbox overlay.
We were using these hollowed out arrows characters (⇽ , ⇾) in a few
places, these were inconsistent with the solid up and down arrow
characters (↑ , ↓) we use otherwise. This commit replaces them
everywhere in the codebase.
This includes all the changes on the frontend side to include the
bot owner in the popover. Includes the bot owner name as a link which
opens the full profile of the bot owner.
For bots without any owner (such as Notification Bot or Welcome Bot)
in place of bot owner name, 'System Bot' appears for cross realm bots
and 'Bot' for in-realm bots.
Fixes#10844.
Lightbox previews for youtube playlists use the "current" video in the playlist
for the preview. The open link for such previews is incorrectly set to the first
video alone, and not the playlist. This commit fixes the bug by linking to the
original URL for lightbox preview is being shown, instead of computing the URL.
Modifies the dict with the user info to include the key `bot_owner_id`
so it can be displayed in the user info popover.
Tests concerned with changing bot owner have been modified to have
number of events=2 because while updating the bot info, two events
are fired -- updating the `realm_bot` and `realm_user` since the
key `bot_owner_id` is a part of realm user info.
This commit separates the `waiting_period_threshold` setting from
the `create_stream_policy` setting, adding a new setting that the user
can use to select a waiting period threshold.
Both the invite to stream policy and create stream policy now have
three options: admins only, members and admins, or members after
waiting period/admins.
`realm_invite_to_stream_by_admins_only` doesn't appear elsewhere in our
codebase. Introduced in 272ed90, so I'm guessing this is the intended
value.
Co-Authored-By: Rishi Gupta <rishig@zulipchat.com>
The value in the handlebars template for `invite_to_stream_policy`
is inconsistent with the value in the js file. Changing all three
occurances to a third value, since that's the one we'll want moving
forward.
Co-Authored-By: Rishi Gupta <rishig@zulipchat.com>
Mostly rewritten by Tim Abbott to ensure it correctly implements the
desired security model.
Administrators should have access to users' real email address so that
they can contact users out-of-band.
In email hidden case (that is when `email_address_visibilty` is set to
everyone), for "non admins", this commit hides emails from:
- compose box user typeahead.
- PM user typeahead
In email hidden case, for admins, email is shown in user typeaheads.
In email hidden case (that is when `email_address_visibilty` is set to
everyone), for "non admins", this commit hides emails from:
- user popover
- custom profile popover
In email hidden case, for admins, email is shown in both user popovers and
custom profile popovers.
Along with this, we refactored settings_org.populate_auth_methods to use
HTML function after rendering all auth methods rows rather than appending
each row individually, which actually is a good practice.
Also in this commit, to compare `current_val` and `changed_val` in
`check_property_changed` function of the property
`realm_authentication_methods`, which are objects, and we found here
https://stackoverflow.com/a/1144249 that there is no easy way to do so. So
I followed this approach,
```js
JSON.stringify(obj1) === JSON.stringify(obj2)
```
but before converting them to string we want the same order of keys, so we
used `sort_object_by_key` to sort `current_val` by keys and
`get_auth_method_table_data` always return `changed_val` having keys
sorted.
Since these refactor were closely related we kept them as a single commit
here.
Fixes: #11954.
Actually, this is a preliminary commit which adds a general
`sort_obj_by_key` function to sort objects according to keys.
In this commit, we have refactored `populate_auth_methods` function by
extracting the logic for the desired `sort_obj_by_key` and used that to
sort `auth_methods`, but the main motive of this function is to sort
`realm_authentication_methods` in `check_property_changed` to sort
`current_val` in the upcoming commit.
This commit also adds a small functionality change where the results of
each webhook fixture message sent is now displayed to the user.
With a small tweak by tabbott to fix a styling bug.
Fixes#12122.
Note: If you're going to send fixtures which are not JSON or of the
text/plain content type, make sure you set the correct content type
in the custom headers.
E.g. For the wordpress fixtures the "Content-Type" should be set to
"application/x-www-form-urlencoded".
With perfectScrollbar, we needed to call a function from JavaScript to
enable a scrollbar on a new element, but simplebar has a much simpler
default API one can do by using data-simplebar attributes in the HTML.
So we can delete all the scrollbar creation/deletion code.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
Instead of deleting and rebuilding #private-container every time its
contents need to be updated, just replace its contents. This
eliminates some scrollbar flashing.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
