472 commits

Author	SHA1	Message	Date
Ibrahim Serdar Acikgoz	ba1cec51a5	[MM-68693] Resource level permission policies and new simulation (#36472)	2026-05-21 14:40:05 +02:00
Scott Bishel	448a642835	Add inline action buttons for bot-posted markdown (#36219) ... * Add inline action buttons for bot-posted markdown Bots, webhooks, and plugins can now embed clickable action buttons inside markdown (including table cells) using mmaction://actionId links, with row-specific parameters forwarded to the integration on click. This enables use cases like a per-row "Mx Plan" button in a fleet-status table that opens a dialog scoped to the clicked row. Design - New post prop inline_actions maps actionId (alphanumeric) to a PostActionIntegration {URL, Context}, capped at 50 entries. - Markdown link with scheme mmaction:// emits a placeholder span that messageHtmlToComponent converts to the InlineActionButton component. - Click POSTs inline_context (parsed from the URL query string) to the existing /posts/{id}/actions/{action_id} endpoint; the server merges it into the integration request as context.inline_params while preserving the post-level context. - Only bot, webhook, and plugin posts render the button; non-integration posts have inline_actions stripped on create, update, and ephemeral broadcast. Hardened-mode also covers the new prop. - Reuses the existing PostAction dialog pipeline: plugin handlers reply with a trigger_id and call /actions/dialogs/open as before. Security - InlineContext capped at 50 entries / 128-char keys / 2 KB values. - Integration Context cloned per click so per-click inline_params and selected_option cannot leak into the cached post for other clickers. - Plugin response updates cannot add inline_actions to a post that did not already have them; invalid entries are dropped with a warn log. - Label content and data attributes are escaped; labels are flattened to plain text (tags stripped, entities decoded, then escaped). - Malformed JSON request bodies now return 400 instead of falling through with an empty inline_context. Tests - Model: validators, normalization, GetInlineAction, strip, fallback. - App: create strip, update guard (4 subtests including AllowInlineActionsUpdate bypass), ephemeral strip, inline_params merge, context-map isolation, plugin-response guards, from_bot and from_plugin retention across plugin updates. - API: inline_context validation (size bounds + error id), omitempty backward compat, malformed JSON 400. - Webapp: renderer scheme handling, allow/deny flags, size caps, HTML escape, tag strip, entity decode, attribute-injection defense; component click dispatch, double-click race guard, unmount safety, error-result recovery, aria state. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * lint fix * i18n-extract * Review fixes for inline action buttons - renderer: preserve actionId case; reject opaque mmaction: URI - app: require bot AND integration session to preserve inline_actions - app: restore original inline_actions when plugin response is invalid - i18n: rename key to ...app_error to match convention Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Tighten UpdatePost inline_actions guard; fix test seeds - app: UpdatePost now requires AllowInlineActionsUpdate to modify inline_actions. Integration session alone is insufficient — a PAT-wielding user could otherwise inject inline_actions on any post they could edit. - tests: seed bot posts with inline_actions via an integration session (intSeedCtx) so they survive the create-time strip. - renderer: lint fix (blank line before comment block). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Reject malformed inline-action authorities at render time - renderer: enforce ^[A-Za-z0-9]+$ on actionId, mirroring the server regex. Authorities like mmaction://plan:443 or mmaction://user@plan now fall through to plain text instead of rendering a dead button. - post: clarify in the strip comment that webhooks and plugins bypass CreatePostAsUser entirely (they call CreatePost / CreatePostMissingChannel directly), so the strip block does not apply to them. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Tighten inline-action renderer tests - Replace oversized-params test with boundary pair (at-cap and over-cap) to lock in the > vs >= behavior of the size-limit check. - Add a "surrounding text survives" assertion for the tag-strip path so a future swap from regex strip to a DOM sanitizer won't silently drop legitimate content along with tags. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Inline action buttons via mmaction:// markdown links Adds inline action buttons rendered from mmaction:// links in markdown, with the click pipeline reusing the existing post-action infrastructure. Aligned with the broader mm_blocks_actions framework (Daniel's PR). * fix lint, DoS hardening, fix and rename test * Address review feedback * lint fix * Reject percent-encoded path traversal in validateIntegrationURL (e.g. %2e%2e%2f) by parsing the URL and checking the decoded path. --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Co-authored-by: Mattermost Build <build@mattermost.com>	2026-05-20 13:34:44 -06:00
Scott Bishel	a84941bec1	Remove Legacy Interactive Dialog code (#35874)	2026-05-20 13:34:13 -06:00
Pablo Vélez	345a0b76a6	Mm 68506 fe abac mask fe table editor cel and e2e (#36517) ... * MM-68501 - implement GetMaskedVisualAST and wire API handler Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * add missing test and fix style issues * fix styles * implement coderabbit feedback * MM-68501 - PR review: split masking file, model-level access mode, reject contradictory config Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * MM-68501 - apply shared_only filter to non-option field values (binary masking) * MM-68501 - consolidate masking flag check and log corrupt text value during masking * MM-68503 - add CEL utilities, write-path validation, and merge helpers Combined set of helpers consumed by BE-5's save path: CEL construction / serialization - extractStringValues, buildCELFromConditions, conditionToCEL, celStringLiteral, celValueLiteral. Used to rebuild a CEL string from a VisualExpression, including for GetMaskedExpression on the read-side of policy GET / search responses. Merge-on-save helpers - getHiddenValues (per-condition, with pre-fetched fields map for N+1 avoidance) — finds which stored values are not visible to the caller. - mergeConditionValues — re-injects the hidden values into a submitted condition without duplicates. - Together, these let BE-5 preserve attribute values the caller cannot see while still letting them edit the visible parts of a policy. Write-path value-hold validation - validatePolicyExpressionValues, invalidValueError, validateConditionValues. - Generic "Invalid value." error on every rejection — no signal about whether the value exists or is merely not held (prevents enumeration). - Rejects the masked-token sentinel "--------" if submitted as a literal. These all live in access_control_masking.go alongside the masking primitives that BE-2 introduced. i18n entries added for the two new error IDs (app.pap.save_policy.invalid_value, app.pap.validate_expression_values.app_error). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * MM-68503 - handle the masked-token sentinel in validation and merge When the GET /policies endpoint returns a policy via MaskPolicyExpressions, the raw expression contains the masked-token sentinel "--------" in place of hidden values. If the frontend round-trips that expression unchanged back to the server (e.g., the admin only modified channel assignment, not the rules), the sentinel reaches the save path. The previous code in validateConditionValues rejected the sentinel as "Invalid value." This blocks the legitimate round-trip case. Fix: - validateConditionValues: treat the sentinel as a placeholder and skip it during visibility / source-only / unknown-mode checks. Other values are still validated normally. - mergeConditionValues: strip the sentinel from submitted values before appending hidden values, so it never propagates to the stored result. Both array and single-value forms (string == "--------") are handled. TestMaskedTokenRejection (which asserted the old rejection behavior) is replaced by TestMaskedTokenConstant which only verifies the sentinel string itself. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * MM-68504 - integrate save-path masking: 403 block on delete, merge-on-save, response masking Save path (CreateOrUpdateAccessControlPolicy): * validatePolicyExpressionValues runs on the submitted expression before merge so re-injected hidden values are never validated against the caller's holdings. * mergeStoredPolicyExpressions re-injects hidden values from the stored policy and blocks (HTTP 403) any attempt to remove a condition that contained values the caller cannot see — closes the row-deletion gap in classified environments. * mergeExpressionWithMaskedValues unwraps single-element arrays for scalar operators after restoring the stored operator (avoids "attr == [val]" invalid CEL when the frontend submits "attr in []" as the masked-row placeholder for an originally-scalar condition). * checkSelfInclusion is bypassed for system admins (they may legitimately write conditions for values they do not hold); masking and value-hold validation still apply to system admins. Delete path (DeleteAccessControlPolicy): * Same masked-values 403 block — a caller with masked values cannot delete the policy at all (UI Delete button is also disabled in FE-3). Response masking: * createAccessControlPolicy and setAccessControlPolicyActiveStatus run MaskPolicyExpressions on the response so even a save reply doesn't leak the values the caller does not hold. GetMaskedExpression, maskConditionValuesWithToken, replaceHiddenValuesWithToken, MaskPolicyExpressions live alongside the rest of the masking helpers in access_control_masking.go. team_access_control.go: corrects ValidateChannelEligibilityForAccessControl call site (drops the spurious receiver and rctx; it's a package-level helper that only takes channel). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * MM-68503 - address PR review: batch field fetches, propagate errors, fail-closed write path * MM-68503 - restore team-admin api4 tests accidentally dropped during BE-5 rebuild * MM-68503 - address review and CodeRabbit feedback on save-path masking * add tests for delete masking, self-inclusion, GET mask * add assertions to strengten tests * MM-68505 - add has_masked_values type and MaskedChip component Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * MM-68506 - add masking support to TableEditor and team settings modal TableEditor (table_editor.tsx, table_editor.scss): - hasMaskedValues plumbed through rows; lock operator/attribute selectors on masked rows. - Row remove (trash) button disabled on masked rows; disabled-state CSS so the icon doesn't show the destructive hover colour or a pointer cursor. - Test Rules button disabled when any row has masked values, with tooltip. - onMaskedStateChange callback to notify the parent for cross-component states (CEL editor read-only, Save disabled, banners). Value selectors (single_value_selector_menu.tsx, multi_value_selector_menu.tsx, selector_menus.scss, value_selector_menu.tsx): - Append MaskedChip after visible chips on multi-value rows. - Render MaskedChip as the sole value on single-value rows where the caller holds no visible value. Policy details (policy_details.tsx, .scss, .test.tsx): - Track hasMaskedRows state; receive from TableEditor via onMaskedStateChange. - Show masked-values warning banner above the editor when present. - Same banner on the Delete confirmation modal so admins understand why deletion is consequential. Team settings modal (team_policy_editor.tsx, .scss): - Same masked-values plumbing; delete button uses the disabled state when a policy has masked values, regardless of whether channels are assigned. - Pre-save check no longer treats "in []" as an incomplete rule — that placeholder comes from fully-masked rows that merge-on-save will fill in. i18n entries added for the new strings. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * MM-68506 - fix hook order in SingleValueSelector when masked state changes The early return for `hasMaskedValues && !value` sat between useState and useCallback declarations, so when a parent re-render flipped the masked state (e.g. after deleting a sibling rule) React saw a different hook count and crashed with "Rendered fewer hooks than expected". Move the read-only short-circuit after all hook declarations so the hook order stays stable across renders. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * MM-68507 - CEL editor read-only when masked + system console wiring CEL editor (editor.tsx, editor.scss): - hasMaskedRows prop: when true, Monaco is set to read-only and a banner explains why ("This expression contains restricted values. Switch to Simple mode to edit the values you have access to, or delete the entire rule."). - Test Rules button disabled in CEL mode when hasMaskedRows is true. Policy details (policy_details.tsx, .scss): - hasMaskedRows state plumbed to CELEditor, TableEditor, and the Save / Delete buttons. - Save button disabled while masked rows are present (kept after the save-allowed-with-masked-values change in BE-5? — no, here we keep Save enabled so admins can add/modify rules; only row removal of masked rows is blocked). - Delete Policy button disabled when hasMaskedRows; a SectionNotice above the Delete card explains why ("This policy contains restricted values - Deletion not allowed"). - New save error messages: invalid_value and self_exclusion are surfaced from the server's generic responses. Policies list (policies.tsx): minor wiring change for the new state plumbing. Table editor (table_editor.tsx): cross-component coordination — emits onMaskedStateChange and respects the disabled-for-masked-row policy. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * MM-68508 - E2E suite for attribute-value masking Covers the full read+write masking flow against a real server: - Masked chip rendering, operator/attribute lock, Test Rules disabled. - System admin subject to masking like any other caller (no role bypass). - Save with masked values: hidden values preserved by merge-on-save. - Trash button disabled on masked rows; server returns 403 on direct API attempt to remove a masked condition. - Delete Policy button disabled + server 403 when policy has masked values (both system console and team settings modal paths). - Self-inclusion failure only fires when the caller holds full visibility. - CEL editor read-only with banner when masked rows present. - Direct API validation: non-held values and the masked-token sentinel rejected with a generic "Invalid value." error. - Feature-flag-off path: no masking, all values visible. - Text-field shared_only masking (binary) with `in` and `==` operators. A pluggable DB-setup helper marks specific CPA fields as shared_only for the duration of a test (with per-test cleanup) since the API blocks setting access_mode=shared_only without a source_plugin_id. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * MM-68506 - fix lint, jest mock factory, and unreachable delete-modal test * MM-68506 - localize masked-condition-deleted save error * MM-68506 - fix masked-policy delete warning detection and localize masked_rule_deleted * fix linter issues * MM-68506 - surface delete error, lock value selector on masked rows, drop dead remove-modal * fix linter, add translations, adjust specs * import wittoltip from shared * fix linter and use the correct button variant * MM-68506 - drop dangling rationale comment in access_control_field_test * fix linter, translation and e2e tests * use pg ts types and dependencies for e2e types mocks * adjust switch mode persistance restriction * fix team settings style buttons * fail-closed guard for advanced expressions in merge-on-save, plus helper unit tests, and FF/test-helper cleanups * MM-68505 - add has_masked_values type and MaskedChip component Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * MM-68506 - add masking support to TableEditor and team settings modal TableEditor (table_editor.tsx, table_editor.scss): - hasMaskedValues plumbed through rows; lock operator/attribute selectors on masked rows. - Row remove (trash) button disabled on masked rows; disabled-state CSS so the icon doesn't show the destructive hover colour or a pointer cursor. - Test Rules button disabled when any row has masked values, with tooltip. - onMaskedStateChange callback to notify the parent for cross-component states (CEL editor read-only, Save disabled, banners). Value selectors (single_value_selector_menu.tsx, multi_value_selector_menu.tsx, selector_menus.scss, value_selector_menu.tsx): - Append MaskedChip after visible chips on multi-value rows. - Render MaskedChip as the sole value on single-value rows where the caller holds no visible value. Policy details (policy_details.tsx, .scss, .test.tsx): - Track hasMaskedRows state; receive from TableEditor via onMaskedStateChange. - Show masked-values warning banner above the editor when present. - Same banner on the Delete confirmation modal so admins understand why deletion is consequential. Team settings modal (team_policy_editor.tsx, .scss): - Same masked-values plumbing; delete button uses the disabled state when a policy has masked values, regardless of whether channels are assigned. - Pre-save check no longer treats "in []" as an incomplete rule — that placeholder comes from fully-masked rows that merge-on-save will fill in. i18n entries added for the new strings. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * MM-68506 - fix hook order in SingleValueSelector when masked state changes The early return for `hasMaskedValues && !value` sat between useState and useCallback declarations, so when a parent re-render flipped the masked state (e.g. after deleting a sibling rule) React saw a different hook count and crashed with "Rendered fewer hooks than expected". Move the read-only short-circuit after all hook declarations so the hook order stays stable across renders. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * MM-68507 - CEL editor read-only when masked + system console wiring CEL editor (editor.tsx, editor.scss): - hasMaskedRows prop: when true, Monaco is set to read-only and a banner explains why ("This expression contains restricted values. Switch to Simple mode to edit the values you have access to, or delete the entire rule."). - Test Rules button disabled in CEL mode when hasMaskedRows is true. Policy details (policy_details.tsx, .scss): - hasMaskedRows state plumbed to CELEditor, TableEditor, and the Save / Delete buttons. - Save button disabled while masked rows are present (kept after the save-allowed-with-masked-values change in BE-5? — no, here we keep Save enabled so admins can add/modify rules; only row removal of masked rows is blocked). - Delete Policy button disabled when hasMaskedRows; a SectionNotice above the Delete card explains why ("This policy contains restricted values - Deletion not allowed"). - New save error messages: invalid_value and self_exclusion are surfaced from the server's generic responses. Policies list (policies.tsx): minor wiring change for the new state plumbing. Table editor (table_editor.tsx): cross-component coordination — emits onMaskedStateChange and respects the disabled-for-masked-row policy. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * MM-68508 - E2E suite for attribute-value masking Covers the full read+write masking flow against a real server: - Masked chip rendering, operator/attribute lock, Test Rules disabled. - System admin subject to masking like any other caller (no role bypass). - Save with masked values: hidden values preserved by merge-on-save. - Trash button disabled on masked rows; server returns 403 on direct API attempt to remove a masked condition. - Delete Policy button disabled + server 403 when policy has masked values (both system console and team settings modal paths). - Self-inclusion failure only fires when the caller holds full visibility. - CEL editor read-only with banner when masked rows present. - Direct API validation: non-held values and the masked-token sentinel rejected with a generic "Invalid value." error. - Feature-flag-off path: no masking, all values visible. - Text-field shared_only masking (binary) with `in` and `==` operators. A pluggable DB-setup helper marks specific CPA fields as shared_only for the duration of a test (with per-test cleanup) since the API blocks setting access_mode=shared_only without a source_plugin_id. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * MM-68506 - fix lint, jest mock factory, and unreachable delete-modal test * MM-68506 - localize masked-condition-deleted save error * MM-68506 - fix masked-policy delete warning detection and localize masked_rule_deleted * fix linter issues * MM-68506 - surface delete error, lock value selector on masked rows, drop dead remove-modal * fix linter, add translations, adjust specs * import wittoltip from shared * fix linter and use the correct button variant * MM-68506 - drop dangling rationale comment in access_control_field_test * fix linter, translation and e2e tests * use pg ts types and dependencies for e2e types mocks * adjust switch mode persistance restriction * fix team settings style buttons * fail-closed guard for advanced expressions in merge-on-save, plus helper unit tests, and FF/test-helper cleanups * Refactor access control methods to use GetPropertyGroup for CPA group ID retrieval * fix styles * disable delete on masked policies in list view and remove dead modal warnings * fix unit tests * preserve hasAnyOf operator display for fully-masked multiselect conditions * address PR feedback: lock Actions on masked save, filter source/shared_only from /attributes, add unit tests and e2e tests * fix e2e tests * comment out e2e to isolate issue * completely remove the files to pass linter --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: Mattermost Build <build@mattermost.com>	2026-05-19 21:25:14 +02:00
Daniel Espino García	92f6870a2b	Add "last used" field for incoming webhooks (#36416) ... * Add "last used" field for incoming webhooks * Address feedback * Rename migrations * Fix web lint	2026-05-19 15:22:04 +02:00
Andre Vasconcelos	23b4d8275b	MM-68197 Show classification banners in web and desktop apps (#36490) ... * Add Classification Markings admin console page Adds a new admin console page under Site Configuration for managing classification markings. This allows system administrators to define classification levels (e.g., UNCLASSIFIED, SECRET, TOP SECRET) with associated colors and rank ordering, which will be used for system-wide and per-channel classification banners. The page includes: - Enable/disable toggle backed by the property field system (field existence = enabled) - Country preset dropdown (US DoD, NATO, UK GSCP, Canada, Australia PSPF) that auto-fills standard classification levels - Editable classification levels table with drag-and-drop reorder, inline text editing, color picker, and delete - Auto-switch to "Custom" preset when levels are manually modified - Confirmation dialog when switching presets would overwrite custom data Also adds: - ClassificationMarkings feature flag (default off) - Generic property field client methods (get/create/patch/delete) for the /api/v4/properties/ endpoints - Enterprise license + feature flag gating on the admin page Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Fix classification markings: add validation, error handling, and system object type - Add "system" as a valid property field object type so the classification markings API calls succeed - Surface load errors instead of silently swallowing them (only suppress 404 for unconfigured state) - Validate before save: require at least one level, non-empty names, and no duplicates - Default to custom preset with empty levels on first open - Add section strings to searchableStrings for admin console search Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Move classification field to CPA group targeting users Store the classification markings property field in the custom_profile_attributes group with object_type 'user' instead of the attributes group with object_type 'system'. Clear target_id for PSAv2 system target compliance and mark the field as admin-managed. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Stabilize preset option IDs and add danger warning on preset switch Hardcode deterministic IDs for all preset classification levels so switching away and back preserves option IDs, preventing orphaned property values. Compare only level data (not preset label) for change detection so cosmetic preset switches don't trigger false save states. Show a danger modal with red confirm button when changing presets on an existing field, warning about system-wide impact on classified resources. The warning appears once per session then allows frictionless switching. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Remove system object type from property fields Not needed yet — will be added when system/channel banners are implemented. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Fix ESLint errors in classification markings admin page Fix import ordering and remove unused generateId import. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Address CodeRabbit review feedback for classification markings - Register property field API endpoints when ClassificationMarkings flag is enabled (not just IntegratedBoards) to prevent 404s - Preserve preset option IDs when creating a new classification field instead of blanking them with empty strings - Add sysconsole read/write permission constants for classification markings across server and webapp, and wire up resource-level permission checks in the admin definition Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Add rank attribute to classification marking options Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Add classification markings permissions migration and read-only support Add a permissions migration to grant classification markings sysconsole permissions to existing roles on upgrade. Wire up the disabled prop so read-only users can view but not edit classification settings. Register the permission in the Delegated Granular Administration UI. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Paginate loadField to find classification field beyond first page Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Fix lint errors and warnings in classification markings Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Remove classification markings sysconsole permissions; gate on sysadmin instead Classification markings admin page no longer uses feature-specific read/write permissions. Visibility is gated on license + feature flag, editing is gated on system admin role. This avoids coupling feature-specific permissions to the generic property service. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Set sysadmin-level permissions on classification markings field creation Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Use stable IDs instead of array indices for classification level operations Switch updateLevel/deleteLevel to identify levels by ID rather than index, sort levels by rank on load, and extract i18n strings. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Refactor classification markings into extracted helper functions Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Add tests for classification markings admin console feature Add unit and component tests covering: - Pure function tests for detectPreset, optionsToLevels, levelsToOptions, processClassificationField, and fetchClassificationField pagination logic - React component tests for rendering states, validation, and user interactions - Client4 property field method tests for URL construction and HTTP verbs - Server routing test verifying routes register with ClassificationMarkings flag - Feature flag default and serialization test Export pure functions from classification_markings.tsx to enable direct testing. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Fix lint errors in classification markings tests Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Fix test compilation error * Fix color input auto-filling after 3 hex characters in classification markings Buffer ColorInput onChange in a LevelColorCell wrapper so the table doesn't re-render mid-typing, preventing the input from losing its focus-guarded local state. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Fixing style issues with color picker z-index * Added fix to prevent immediate dismissal when clicking inside color picker * Adding E2E test suite for configuration * Removing duplicates * Fixing unrelated linter error * Fixing test linting issues * Updating tests to skip appropriately * Matching configuration to UX specs * Fixing style lint * Added informational banner for presentational nature of markings * Enabling the markings flag on playwright server * Added missing feature flag to e2e test environment in ci * Reverting changes to color_input - Not needed as we're using a custom component * Added and polished global banner configuration * Refactoring webapp for readability - Separating components - Adding unit tests - Isolating helper methods into utilities * Fixing linter errors * linter fix * Manually fixing linter issues * Separating global classification component * Added persistence of classification marking configuration * Changing LevelID with LevelName * Making changes for PR reviews * Changing property object of classification field to template * syncing i18n file * Removing inaccurate note from comments * PR fixes for UX review * Cleaning up unused value * Added GlobalClassificationBanner component - Made sure it syncs on change by using normal configuration values on it - Works with "top" and "top_and_bottom" - Renders on both root and admin_console * Adding E2E test cases for global classification * Linter fixes, i18n extract * PR Fixes * Linter fix * Matching default messages * Fixing type errors * Fixing pipeline and runtime errors * Fixing announcementbar rendering on top of global classifications * Increasing banner & font sizes * Fixing font size to 12px instead of 16px - I read it wrong * Replacing config values with property * Test linter fixes * Fixing type errors and go format error * Making changes needed to align with specs - Ensuring system_classification is a separate linked property that differs from the template - Saving the global classification banner values as a propertyvalue * Added missing arguments in e2e tests * Added missing conditions for useEffect - Also fixing E2E error in pipeline * Fixing issues with V1 and V2 group mismatch * Fixes for linter errors and coderabbit review * Addressing more issues found by coderabbit * Fixing issues found by coderabbit * Migrating to use system properties * Ran all linters and prettier - Resolving coding style drift that happened from not running prettier on the webapp (even though CI doesn't check for this) * Undoing the prettier changes in webapp * Cleaning up unwanted autoformatted changes * Reverting prettier changes to clean diff * Fixing E2E test * Import fixes in test * Applying changes for PR feedback * Fixing issues with failing e2e tests * Changing key of selection from name to id * Replacing field setup in E2E tests to use levelId instead of levelName * Added classification setup per channel on channel creation * WIP: Adding classification banner integrated with channel banners - Using a hook to resolve which values should be evaluated when displaying the banner * Fixing style of dropdown input for classifications * Fixing visual issues with dropdown inputs * Adding E2E Tests and linter fixes * General fixes and improvements * Applying linter fixes * Resolving lingering linter issues * Updated snapshot and extracted i18n * Adding test cleanup to prevent failures due to duplicates * Addressing nitpick comment for test mapping of values * Applying more fixes to E2E tests * Improving test coverage and e2e test cleanup * Resolving type issues * Refactoring classification constant names an documentation * Ensuring propertyvalue only stores single id, storing banner text in banner_info * Fixing issues with linter alongside style issues on header * Updating test assertion to account for fallback * Fixing issues found during testing - Removing custom selection from being an option and turned it into a state - Ensuring only system administrators can set channel classification levels * Fixing z-index issue with color input popover * Setting classification level to lowest available value when switching it on * Updating unit tests to match new spec for preselection --------- Co-authored-by: David Krauser <david@krauser.org> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: David Krauser <david@kruser.org> Co-authored-by: Mattermost Build <build@mattermost.com>	2026-05-19 00:05:26 +03:00
Carlos Garcia	548183d748	Mm 68282 admin ephemeral mode (#36194) ... * adds feature flag to enable mattermost ephemeral mode * add ephemeral mode config settings to system console When feature flag is set to true a new section for Mobile Ephemeral Mode settings shows under the Mobile Security section in case a valid Enterprise Advanced License is active. * adds Mobile Ephemeral Mode settings playwright tests * improve descriptions for settings * improves error messages and hints * move validation to common helper and add new tests * reverts package-lock.json changes * proper struct alignment * proper message sorting in json file * use generic doc url for MEM section while docs are not ready * Proper formatting for playwright tests * fixes test	2026-05-18 22:23:58 +02:00
Harshil Sharma	f0360a838a	Data spillage report generation UI (#36340) ... * Added base fr report generation * WIP * implemented UI flow * implemented UI flow * restructured the modal code into sub components * Refactoring and cleanup * lint fixes, added new tests * i18n fix * test fix * Updated test * CI * Several improvements * WIP * Added tests * Addressed some security enhancements * Created zip writer entery later * Improved a test to check for file content * Improved error handling * Made a geneeric function * Updated classes * accepting comment in report API * Added more tests * Integrated new API param * Removed an unnecessary check * Made a geneeric function * Made a geneeric function * Made the comment body not required and updated API docs * Updated report generation API call in download report button * Included decision in report and removed confirmation when keeping message * Updated test * Add explicit wait for removeWithoutReportButton visibility in test Prevent race condition by waiting for the button to be visible after UI transitions to skip-confirm step before clicking it. Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com> * PR Feedback * explicitelly added return statement * Included actor details in report * Updated tests --------- Co-authored-by: maria.nunez <maria.nunez@mattermost.com> Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: Mattermost Build <build@mattermost.com>	2026-05-18 20:24:50 +05:30
Maria A Nunez	f067fcde92	MM-66339 Hide empty content-flagging "With comment" section in reviewer DM (#36552) ... * Add Cursor Cloud Agent Docker environment Co-authored-by: Cursor <cursoragent@cursor.com> * Fix Cloud Agent enterprise and Docker access Co-authored-by: Cursor <cursoragent@cursor.com> * Fix Cloud Agent Go path setup Co-authored-by: Cursor <cursoragent@cursor.com> * MM-66339 Stop double-JSON-stringifying content flagging comments The flagPost, removeFlaggedPost, and keepFlaggedPost Client4 helpers were calling JSON.stringify on the comment value before placing it in the JSON request body. When the reporter or reviewer left the optional comment blank, JSON.stringify('') returned the literal two-character string '""', which the server then stored as the comment and embedded in the reviewer DM as 'With comment:\n\n> ""'. Send comment as the plain string instead so an empty comment stays empty and the 'With comment' section is omitted entirely. Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com> --------- Co-authored-by: Nick Misasi <nick.misasi@mattermost.com> Co-authored-by: Cursor <cursoragent@cursor.com>	2026-05-18 16:52:16 +05:30
Ibrahim Serdar Acikgoz	deafd88fd5	MM-68762: Discoverable Private Channels — Server data layer (#36539) ... * MM-68762: Add Postgres migrations for discoverable private channels Three online-safe migrations introduce the schema that supports the Discoverable Private Channels feature (PRs 2-5 of MM-68430 will land behind it): - 000175 adds Channels.Discoverable BOOLEAN NOT NULL DEFAULT FALSE. Metadata-only on Postgres >= 11; no table rewrite. - 000176 creates a partial index on (TeamId) WHERE Discoverable AND Type='P' AND DeleteAt=0 using CREATE INDEX CONCURRENTLY (-- morph:nontransactional) so the build never blocks writes on the populated Channels table. - 000177 creates the ChannelJoinRequests table with three indexes, the important one being the partial unique index on (ChannelId, UserId) WHERE Status = 'pending'. That keeps the full audit history intact while still enforcing at-most-one active pending request per (channel, user). Co-authored-by: Ibrahim Serdar Acikgoz <isacikgoz@users.noreply.github.com> * MM-68762: Add FeatureFlagDiscoverableChannels (default false) Gates the per-channel Discoverable toggle and the channel-join-request flow. Default-OFF so all PRs in the MM-68430 series can land on master without exposing partial UX. Co-authored-by: Ibrahim Serdar Acikgoz <isacikgoz@users.noreply.github.com> * MM-68762: Add Discoverable + ChannelJoinRequest models - Channel gains a Discoverable bool, ChannelPatch a *bool, both serialized as 'discoverable'. Patch() applies it, Auditable() logs it, and IsValid() rejects Discoverable=true on any non-private channel so a misconfigured patch can never produce a public discoverable channel. - New ChannelJoinRequest type captures the per-row state of a non-member's request: pending -> approved | denied | withdrawn. Rows are append-only with reviewer and timestamps so the table is also the audit trail. IsValid() enforces: * recognized status, * Message and DenialReason rune limits, * DenialReason only on denied rows (no orphan reasons), * reviewer + reviewed_at present for any terminal review (approved / denied) but not for self-service withdrawal. - Two new WebSocket event constants -- channel_join_request_created and channel_join_request_updated -- that later PRs broadcast on the admin queue and the requester's My Pending Requests panel. Unit tests cover Patch(), the new IsValid() rule on Discoverable, the PreSave/PreUpdate timestamp behavior on ChannelJoinRequest, and every IsValid branch including the reviewer-required-on-review invariant. Co-authored-by: Ibrahim Serdar Acikgoz <isacikgoz@users.noreply.github.com> * MM-68762: Add discoverable-channel permissions Two new channel-scoped permissions, each independently rebindable from the System Console: - manage_private_channel_discoverability gates the per-channel toggle so admins can restrict who can flip discoverability without also handing out manage_private_channel_properties. - manage_channel_join_requests gates the queue list / approve / deny / count endpoints (added in PR 2). Both are added to the channel_admin role bootstrap so new deployments get them by default, and a new permissions migration (add_discoverable_channel_permissions) grants them to channel_admin, team_admin and system_admin scheme roles on existing deployments. Co-authored-by: Ibrahim Serdar Acikgoz <isacikgoz@users.noreply.github.com> * MM-68762: Add ChannelJoinRequestStore and wire Discoverable into channel store - channelSliceColumns / channelToSlice / updateChannelT now include the new Discoverable column so Save() and Update() round-trip the field. Existing select paths inherit the column automatically because every read goes through channelSliceColumns. - New ChannelJoinRequestStore interface and SQL implementation: Save / Get / GetPendingForChannelAndUser / GetForChannel / GetForUser / Update / CountPending. Save translates the idx_channeljoinrequests_pending_unique partial unique index violation into store.ErrConflict so the app layer (PR 2) can return 409 without re-parsing pq errors. - Storetest suite at storetest/channel_join_request_store.go is invoked from sqlstore via the existing StoreTest harness; covers insert / partial-unique conflict / re-insert after withdrawal / NotFound / status filtering / pagination with TotalCount / Update / CountPending. - Mocks and retrylayer / timerlayer are regenerated via make store-mocks and go generate ./channels/store -- no hand-written generator output. Co-authored-by: Ibrahim Serdar Acikgoz <isacikgoz@users.noreply.github.com> * MM-68762: Add TS types for Discoverable channels + join requests webapp/platform/types: - Channel.discoverable?: boolean alongside existing policy_enforced / policy_is_active so the web client sees the same wire shape the server emits. - ChannelJoinRequest, ChannelJoinRequestStatus, ChannelJoinRequestList, GetChannelJoinRequestsOptions for the API contract surfaced in PR 2. webapp/platform/client: - WebSocketEvents enum gains ChannelJoinRequestCreated and ChannelJoinRequestUpdated so PR 3 can hang WS handlers off them without redeclaring constants. These are model-only updates with no UI consumer yet; PR 3 introduces the toggle, request flow, and admin queue surfaces. Co-authored-by: Ibrahim Serdar Acikgoz <isacikgoz@users.noreply.github.com> * MM-68762: Split ChannelJoinRequests indexes into concurrent migrations The mattermost-govet concurrentIndex lint check enforces CREATE INDEX CONCURRENTLY on every CREATE INDEX statement, even on an empty freshly-created table where it would be a no-op. The original 000177 file inlined three CREATE INDEX statements; that failed check-style. Mirror the convention used by 000166_create_views + 000167_create_views_channel_id_delete_at_index: keep the CREATE TABLE in its own (transactional) file, and move each index into a separate nontransactional file that runs CREATE INDEX CONCURRENTLY. Verified locally against Postgres 15 that all four new migrations apply in order and the storetest suite (partial unique constraint + paged list + count) still passes. Co-authored-by: Ibrahim Serdar Acikgoz <isacikgoz@users.noreply.github.com> * MM-68762: Wire new permission migration into test fixtures Two CI test surfaces missed when the channel_admin role and the permission-migration list gained the new manage_private_channel_discoverability and manage_channel_join_requests entries: - testlib/store.go: the shared mocked SystemStore used by SetupWithStoreMock / SetupEnterpriseWithStoreMock needs an explicit GetByName expectation for every migration key (because the mock panics on unexpected calls). Add the new MigrationKeyAddDiscoverableChannelPermissions key so TestCreateOrUpdateAccessControlPolicy, the elasticsearch aggregation_job_test, and every other mock-store test stop panicking on server bootstrap. - cmd/mmctl/commands/permissions_test.go: TestResetPermissionsCmd hard-codes the channel_admin default permission list and expects PatchRole to be called with exactly that slice. Extend the expected slice with the two new permission ids so the mmctl reset path stays in sync with the role bootstrap. Co-authored-by: Ibrahim Serdar Acikgoz <isacikgoz@users.noreply.github.com> * MM-68762: Register new idx_channels_discoverable_team in TestGetSchemaDefinition The schema-dump test asserts an exact index count and definition map for the channels table. Migration 000176 added idx_channels_discoverable_team — a partial btree on (teamid) gated by discoverable=true AND type='P' AND deleteat=0. Bump the expected count from 12 to 13 and add the index's CREATE INDEX definition as produced by pg_indexes (note: type is cast to channel_type, the existing domain). Verified locally against Postgres 15. Co-authored-by: Ibrahim Serdar Acikgoz <isacikgoz@users.noreply.github.com> * MM-68762: Fix golangci-lint findings in ChannelJoinRequest store Two golangci-lint findings on the freshly-added files: - sqlstore/channel_join_request_store.go:133 (modernize): collapse the 'if page < 0 { page = 0 }' clamp into max(opts.Page, 0). - storetest/channel_join_request_store.go:243 (govet shadow): the inner Save loop redeclared err with :=, shadowing the outer err captured from the first CountPending call. Switch to plain assignment so the same err is reused. Verified locally with golangci-lint v2.11.4 across public/..., channels/app/..., channels/store/..., channels/testlib/... and cmd/mmctl/commands/... — 0 issues. Co-authored-by: Ibrahim Serdar Acikgoz <isacikgoz@users.noreply.github.com> * MM-68762: Sync channel_admin bootstrap with TestDoAdvancedPermissionsMigration app_test.go pins the exact list of permissions the channel_admin role is expected to hold after DoAdvancedPermissionsMigration completes. The role bootstrap in role.go grew two entries (manage_private_channel_discoverability and manage_channel_join_requests), so the test's expected slice needs the same two entries appended in the same order, otherwise assert.Equal fails on slice ordering. This is the same class of fix as the mmctl/permissions_test.go change in a previous commit -- two parallel test fixtures encode the channel_admin defaults and have to be updated in lockstep with the bootstrap. Co-authored-by: Ibrahim Serdar Acikgoz <isacikgoz@users.noreply.github.com> * MM-68762: Add English translations for new model error keys 12 keys were emitted by the new Discoverable + ChannelJoinRequest validation paths but had no en.json entry, which trips i18n-check on CI. Add the missing entries with one-line English copy that mirrors adjacent model errors (Invalid <field>., Create at must be a valid time., etc.). The new entries are: - model.channel.is_valid.discoverable.app_error - model.channel_join_request.is_valid.channel_id.app_error - model.channel_join_request.is_valid.create_at.app_error - model.channel_join_request.is_valid.denial_reason.app_error - model.channel_join_request.is_valid.denial_reason_status.app_error - model.channel_join_request.is_valid.id.app_error - model.channel_join_request.is_valid.message.app_error - model.channel_join_request.is_valid.reviewed_by.app_error - model.channel_join_request.is_valid.reviewer.app_error - model.channel_join_request.is_valid.status.app_error - model.channel_join_request.is_valid.update_at.app_error - model.channel_join_request.is_valid.user_id.app_error Generated through 'make i18n-extract'; verified clean with 'make i18n-check'. Per the workspace rule, only en.json was modified -- no other locale files. Co-authored-by: Ibrahim Serdar Acikgoz <isacikgoz@users.noreply.github.com> * MM-68762: Address CodeRabbit review: stable pagination + redact denial reason from audit log Two production-code findings from CodeRabbit on the freshly-added ChannelJoinRequest server code: - sqlstore/channel_join_request_store.go (GetForChannel / GetForUser): OrderBy("CreateAt DESC") alone is unstable when two rows share a millisecond (NewId is monotonic-ish but CreateAt is millisecond resolution), so offset paging could duplicate or skip rows between pages. Add Id DESC as a deterministic tie-breaker on both list queries. - model/channel_join_request.Auditable: the denial reason is admin-typed free text and could carry sensitive content. Mirror the existing has_message pattern by emitting has_denial_reason as a boolean presence flag instead of the raw value. Reviewer id, review timestamp, and status are still logged, so the audit trail keeps every piece needed for compliance review. Co-authored-by: Ibrahim Serdar Acikgoz <isacikgoz@users.noreply.github.com> * MM-68762: Tighten model tests per CodeRabbit review Two test-only findings from CodeRabbit: - TestChannelJoinRequestPreUpdateAdvancesUpdateAt previously asserted GreaterOrEqual(r.UpdateAt, originalCreate). Because validRequest initialises UpdateAt to GetMillis() (same call site as CreateAt), a no-op PreUpdate would still pass that check. Seed r.UpdateAt = 1 before calling PreUpdate() and assert Greater(r.UpdateAt, int64(1)) so any regression that drops the GetMillis assignment fails the test. - TestChannelIsValidDiscoverable did not cover ChannelTypeGroup. Add the case alongside ChannelTypeOpen and ChannelTypeDirect so the contract that 'only ChannelTypePrivate accepts Discoverable=true' is fully pinned across all four channel types. Co-authored-by: Ibrahim Serdar Acikgoz <isacikgoz@users.noreply.github.com> * MM-68762: Mock ChannelJoinRequest accessor in retrylayer test retrylayer_test.go's genStore() helper mocks every Store() accessor because retrylayer.New() wraps the entire surface. The new ChannelJoinRequest() method I added on Store was missing from the mock, so TestRetry/on_regular_error_should_not_retry panicked with 'Unexpected Method Call ChannelJoinRequest()' on Postgres shard 0. Add the mock alongside the other accessors. No production code change. Co-authored-by: Ibrahim Serdar Acikgoz <isacikgoz@users.noreply.github.com> --------- Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: Ibrahim Serdar Acikgoz <isacikgoz@users.noreply.github.com>	2026-05-15 21:04:32 +02:00
Maria A Nunez	6aae94f20b	Add Display Name to User Properties in Webapp (#36363) ... * Phase 1: CPA display_name + CEL-safe name validation (server) - Add typed DisplayName field to CPAAttrs + display_name attr key constant. - Add ValidateCPAFieldName helper enforcing CEL IDENTIFIER + reserved-word blacklist. - Wire validation into App.CreateCPAField (always) and App.PatchCPAField (lenient grandfather: skip when Name unchanged). - Trim + 255-rune cap DisplayName in CPAField.SanitizeAndValidate. - Developer-facing godoc note documenting rule, sources of truth, and Option C scoping. - Asserting test for documented Option C plugin-API bypass (closed by PR #36173). Spec: planner/projects/property-display-name/ideas/001-cpa-display-name/spec.md Plan: .planning/phase-1/PLAN.md Made-with: Cursor * Phase 1 (review): address Reza's Major + Minor findings - Rename misleading subtest "empty DisplayName is omitted from attrs" to "empty DisplayName round-trips as empty string" (Major #1). - Add TestCPAAttrs_JSONOmitEmpty pinning the omitempty wire-format contract that PR #36173's typed-attrs strategy relies on (Major #1). - Extend TestValidateCPAFieldName: case-sensitivity (IN/In ok), single-character names (a/_/A ok), missing "as" reserved word (Minor #2). Add whitespace-only DisplayName case (Minor #2). - Document PropertyFieldNameMaxRunes reuse in SanitizeAndValidate to prevent drift (Minor #3). - Replace broken PLAN-server.md reference in bypass-test docstring with in-tree CPAAttrs godoc reference (Minor #4). - Document omitempty semantics on CPAAttrs.DisplayName field to prevent the same misreading caught in review (Minor #5). - Document grouping intent above CPAFieldNameReservedWords (Minor #8). Review: .planning/phase-1/REVIEW.md Made-with: Cursor * Phase 2: in-app backfill migration for CPA display_name - Add cpaDisplayNameBackfillKey + cpaDisplayNameBackfillVersion constants. - Implement (*Server).doSetupCPADisplayNameBackfill: idempotent, cursor-paged scan over CPA group fields; backfill attrs.display_name = name when empty. - Register in m1 migration slice in doAppMigrations (mlog.Fatal on error, matching existing convention). - Three migration tests: NoExistingFields, BackfillsMissing, Idempotent. System-key idempotency + per-field DisplayName-empty check together provide HA-safe behavior on rolling deploys (last-write-wins on the System key; data-level idempotency from the per-field check). Spec: planner/projects/property-display-name/ideas/001-cpa-display-name/spec.md Plan: .planning/phase-2/PLAN.md Made-with: Cursor * Phase 2 (review): document race + harden idempotency test - Document SearchPropertyFields→UpdatePropertyFields rolling-deploy race: stale snapshot can revert concurrent admin CPA rename. Pre- existing systemic shape (no UpdateAt optimistic-lock); narrow window; bounded blast radius (admin re-rename, ABAC ID-keyed). Accepted limitation per spec Out of Scope (Major #1, Option C). - Tighten TestCPADisplayNameBackfill_Idempotent: snapshot UpdateAt before second run; assert no DB write on the System key or the field row (Major #2). - Extract clearCPABackfillMarker helper with explanatory godoc to centralize the 3x-repeated test precondition (Minor #1). - Comment fieldA seed as the "key-present-as-empty-string" idempotency boundary case (Minor #6). - Add godoc to doSetupCPADisplayNameBackfill (Minor #10). Review: .planning/phase-2/REVIEW.md Made-with: Cursor * Linting * Removing unnecessary comments * Clean up tests * Linting * Fix tests * Updated API doc * Phase 3: webapp helper + render-site migration for CPA display_name - Add display_name?: string to UserPropertyField.attrs type. - New getUserPropertyFieldLabel(field) helper: returns attrs.display_name?.trim() || name. Defensive against missing attrs. - Migrate ~10 user-facing CPA-name render sites to the helper: profile popover, user settings general (4 usages incl. line 1673 missed by high-level plan), admin user detail, admin CPA list (2 usages), and ABAC editor's selected-attribute UI (3 usages incl. the button label found in planning-stage research). - CEL paths (table_editor, attribute_selector_menu user.attributes expression construction, ABAC search filters) keep using `name` per spec — display_name is label-only. - Phase 4 boundary marker: TODOs in admin table + delete modal for follow-up admin-edit UX + client-side validator. Spec: planner/projects/property-display-name/ideas/001-cpa-display-name/spec.md Plan: .planning/phase-3/PLAN.md * Phase 3 (review): add Unicode test + correct helper docblock scope Address Reza's Phase 3 review: - Major #1: add missing test case for non-ASCII display_name (Latin-extended + CJK), pinning the trim/passthrough contract. - Nitpick #3: correct the helper's JSDoc to reflect that the delete modal is intentionally not migrated until Phase 4. No production behavior change. No new dependencies. Made-with: Cursor * Phase 4: admin CPA edit UX + client-side identifier validation Made-with: Cursor * docs: append Phase 4 implementation summary Made-with: Cursor * Phase 4: admin CPA edit UX + client-side identifier validation Complete the Phase 4 takeover from the existing dirty worktree and record the verified Stage 2 scope for admin CPA display-name editing, client-side identifier validation, and the required grandfather regression follow-ups. Document the targeted Jest, typecheck, and lint-equivalent validation results in the Phase 4 plan without widening the implementation scope or rewriting the prior in-scope work. Made-with: Cursor * docs: finalize Phase 4 implementation summary Made-with: Cursor * docs: correct Phase 4 summary commit reference Made-with: Cursor * Phase 4 (review): fix empty-name warning precedence Required-name validation now short-circuits before uniqueness checks so empty identifiers keep the correct warning. Add duplicate collision regression coverage for the dot-menu flow and add a stable validation-error testid for Phase 5 automation. Made-with: Cursor * Test updates * Fix merge issue * Fix tests * PR Feedback * Move migration to PropertyService * Updates to UX * Comment cleanup * Add webapp tests for CPA display_name and fix CEL-affected specs Update E2E seeds to use CEL-safe identifiers with display_name, add ABAC selector spec, and extend Jest coverage for label-rendering sites, auto-fill guard rails, and required-warning suppression. Co-authored-by: Cursor <cursoragent@cursor.com> * Remove .planning/phase-4/PLAN.md This planning artifact was committed inadvertently and should not be part of the codebase. Co-authored-by: Cursor <cursoragent@cursor.com> * Address CodeRabbit review comments - Fix e2e test to use display_name in label assertions - Make getIncrementedCELName case-insensitive to prevent collisions - Update tooltip to mention reserved CEL words - Replace hasSpaces check with full CEL identifier validation - Use CPA_FIELD_NAME_MAX_RUNES for consistent maxLength - Fix race condition by removing global cleanupAllFields - Enable IntegratedBoards flag for legacy field seeding - Replace fixed sleeps with state-based waits in tests Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com> * Fix linting errors in getIncrementedCELName - Use camelCase for destructured delete_at parameter - Place dots on same line for method chaining Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com> * Remove unused imports in user_attributes_display_name.spec.ts - Remove unused deleteCustomProfileAttributes import - Remove unused getFieldsMap function - Remove unused FieldsMap type Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com> * Fix webapp test failure - remove htmlFor assertion The htmlFor attribute assertion was failing in the test environment, likely due to a testing library issue. The important functionality (displaying display_name in labels) is still properly tested. Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com> * Fix post-merge CI failures: i18n drift and Playwright Prettier - Re-extract webapp en.json so the identifier tooltip string matches user_properties_table.tsx (source of truth was already shortened in Phase 4; en.json was not regenerated). - Apply Prettier formatting to three CPA display_name Playwright specs (whitespace and import/expression collapsing only). No test logic changes. Co-authored-by: Cursor <cursoragent@cursor.com> * Address CodeRabbit feedback: use stable locators, add reserved words to tooltip, remove regex from hasText Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com> * Fix i18n drift: align defaultMessage with en.json for identifier tooltip Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com> * Comment cleanup * Slugify CPA duplicate names to snake_case slugifyForCEL now lowercases and inserts underscores at camel/PascalCase boundaries (e.g. MyField -> my_field, XMLParser -> xml_parser) so duplicated CPA fields get conventional snake_case names instead of preserving the source casing. Co-authored-by: Cursor <cursoragent@cursor.com> * UX improvements: CEL identifier tooltip, validation, and attribute picker dual-name display - Add info tooltip to the Attribute column header explaining CEL identifier rules - Add client-side CEL identifier validation (pattern + reserved words) with a descriptive error message - Show both display name and unique identifier in the policy attribute picker - Filter attribute picker search by both display name and unique name - Add display_name to UserPropertyField attrs TypeScript type - Expand "CEL" to "Common Expression Language (CEL)" in the attribute-spaces tooltip Co-authored-by: Cursor <cursoragent@cursor.com> * Linting * PR Feedback * Restore name limit * Fix tests * Revert stray comment block above TestCPADisplayNameBackfill_BackfillsProtectedSourceOnlyField Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com> * Revert extended fieldA comment in TestCPADisplayNameBackfill_BackfillsMissing Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com> * Fix E2E tests * Fix test --------- Co-authored-by: Mattermost Build <build@mattermost.com> Co-authored-by: Cursor <cursoragent@cursor.com>	2026-05-15 12:18:31 -04:00
Joshua D Schoep	d8612e378f	[MM-2541] Shortcut to mark all channels as read for a team (#34012) ... * feat(webapp): added keyboard shortcut for Mark All As Read (MM-2541) - Added shortcut (within sidebar) for Shift+ESC to mark _all_ messages, teams as read - Desktop only - Added feature toasts for new features and localStorage support - Added feature toast for mark-all-as-read feature - Should decide when/how people want this shown, I just followed designs - Will only show if the user has not clicked 'Got it' before, and is not on mobile - Added confirmation modal for mark all as read shortcut - Contains option to not show again, saved in localStorage - Added English translations for read shortcut - Will need i18n aid on other languages This is a draft version of this feature update that still needs testing and i18n support, along with a11y validation. * feat(webapp): feature flags and fixes for mark all as read shortcut - Added feature flags surrounding rollout of mark-all-as-read shortcut - Added shortcut to list of shortcuts in help section - Extended tests for new components - Updated snapshot for sidebar_list, keyboard_shortcuts_modal - Fixed styling and CSS issues Still in draft, needs documentation and e2e support. * fix(webapp): fixed some issues with new mark-all-read feature - Scoped persistent storage to current user ID so that subsequent new logins also get the notification - Replaced LocalStorage calls with useGlobalState calls, sad that I missed that this updated call was being used. - Fixed an issue that would have caused the new shortcut to show up in the Help menu's shortcuts without being enabled. * Fixed a snapshot test and a missing i18n member * Replaced useGlobalState with backend-ready usePreference. Previous version was just a mistake as we didnt know about the supported API * fix(server): fix lint issue with gofmt * feat(server,webapp): added cleaner and more effective method with which to mark-all-read - Added 2 new routes to the API (need to find docs to update those): - `PUT /api/v4/channels/members/<userId>/direct/read` will mark a user's non-team DMs and GMs as read - `PUT /api/v4/users/<userId>/teams/<teamId>/read` will do a similar action as the multi-channel mark_read action, but with a teamId signifier. Because this is using a teamId, it will _not_ handle DMs or GMs. - Updated sidebar_list.tsx to use these new routes for the new shortcut - Added extensive testing, including feature flag assurance. * fix from upstream changes * fix: eslint errors in teams actions * document new API endpoints * fix i18n * fix err id * remove unused localhost methods * use ShortcutKey and ShortcutSequence * feature_enhancements, mark as read toast enchancements * read all modal mount point, use openModal * use handler * fix style * fix: fix refactoring typo * Merge fix: realign branch with upstream changes Upstream MM-67319/MM-67320 (#36037) moved ShortcutKey and WithTooltip into the shared package and rewrote the keyboard shortcuts test to snapshot real DOM instead of a react-test-renderer tree. The merge resolution missed several follow-on consequences; clean them up so the branch builds, type checks, lints, passes i18n-extract-check and runs without throwing at mount. - Port the inline-content variant from the deleted channels-side shortcut_key.scss to the new shared shortcut_key.css. - Refresh the keyboard_shortcuts_sequence snapshot so it matches Testing Library's container output (DOM only, no component nodes, class= not className=). - Repoint mark_all_as_read_modal and mark_all_as_read_toast at components/shortcut_key for ShortcutKeys and use ShortcutKeys.escape; the channels-side with_tooltip is now a thin re-export and the field was renamed in the shared keys map. Without this both consumers threw "Cannot read properties of undefined" at mount. - Switch mark_all_as_read_toast's UserAgent import to @mattermost/shared/utils/user_agent; the channels-local utils/user_agent path no longer resolves. - Drop the orphan mark_all_threads_as_read_modal.cancel string from en.json so formatjs extraction is in sync. * Clean up TestReadAllInTeam Drop four lines left from debugging and replace them with a real assertion: LastViewedAtTimes must contain the test channel with a value at or after the most recent post. Update three client.GetChannel calls to the (ctx, id) signature; the prior etag argument no longer compiles after upstream removed it. * Use SelectBuilder for team channels query GetTeamChannelsWithUnreadAndMentions built a squirrel query and then manually called ToSql before handing the string+args to GetReplica().Select. SelectBuilder accepts the builder directly and removes the intermediate dance, matching the pattern used elsewhere in this store. * Mark all team-channel threads on team read MarkTeamChannelsAndThreadsViewed used Thread().MarkAllAsReadByTeam unconditionally, writing every thread membership in the team for the user even when nothing was stale. Scoping the call to channelsToView (channels with unread channel-level messages) would have closed the perf concern but introduced a regression: in CRT mode a thread reply does not bump the channel's TotalMsgCount, so a channel can be read at the channel level while still having unread thread replies, and those would have been silently skipped. Build the channel-id list from the keys of the times map instead. GetTeamChannelsWithUnreadAndMentions already populates that map for every team channel the user belongs to, so no extra query is needed. MarkAllAsReadByChannels then filters the actual UPDATE through its LastReplyAt > LastViewed clause, keeping writes bounded to genuinely stale rows. Gate the channel-level work (UpdateLastViewedAt, push clearing, the MultipleChannelsViewed event) on channelsToView being non-empty, but always run the thread mark and broadcast ThreadReadChanged for every team channel so CRT clients refresh thread state in channels that had no channel-level change. * Mark mark-read audit records as success The handlers for mark all DM/GM and mark team read created an audit record with status Fail and never updated it on success, so successful calls were always logged as failures. * Mark all DM/GM threads on full read MarkAllDirectAndGroupMessagesViewed early-returned when no channel had unreads, so followed threads in DMs/GMs whose channel-level counters were already current stayed unread under CRT. Mirror MarkTeamChannelsAndThreadsViewed and call MarkAllAsReadByChannels for every DM/GM in times. * Polish DM/GM channels-with-unreads query Use model.ChannelTypeDirect/Group constants instead of bare "D"/"G" literals, and update the error wrap to mention DM/GM channels (it was copied from the team variant). * Fix stale ReadAllMessages godoc * Type last_viewed_at_times as int64 map in OpenAPI The response field was declared as a generic object. Add additionalProperties so generated clients see it as a channelId -> int64 timestamp map. * Gate MarkAllAsReadToast mount on feature flag The toast was mounted unconditionally, so its async chunk loaded even when EnableShiftEscapeToMarkAllRead was off. Gate the mount with the flag so the chunk only loads when the feature is on. * Return data from markAllInTeamAsRead thunk Match the {data: response} shape used by adjacent thunks instead of returning {}, so callers can read the API payload. * Coerce undefined suffix in createStoredKey createStoredKey('foo') returned 'fooundefined' when the suffix arg was omitted. Coerce a missing suffix to ''. * Refactor mark-read websocket events * Polish DM/GM channels-with-unreads query * Fix import order in shortcut_key consumers * Fix CI --------- Co-authored-by: Mattermost Build <build@mattermost.com> Co-authored-by: Jesse Hallam <jesse@mattermost.com> Co-authored-by: Caleb Roseland <caleb@calebroseland.com> Co-authored-by: Alejandro García Montoro <alejandro.garciamontoro@gmail.com>	2026-05-13 16:38:30 +00:00
Andre Vasconcelos	6083cc2282	MM-68196 Adding Global Classification configuration and banners (#36231) ... * Add Classification Markings admin console page Adds a new admin console page under Site Configuration for managing classification markings. This allows system administrators to define classification levels (e.g., UNCLASSIFIED, SECRET, TOP SECRET) with associated colors and rank ordering, which will be used for system-wide and per-channel classification banners. The page includes: - Enable/disable toggle backed by the property field system (field existence = enabled) - Country preset dropdown (US DoD, NATO, UK GSCP, Canada, Australia PSPF) that auto-fills standard classification levels - Editable classification levels table with drag-and-drop reorder, inline text editing, color picker, and delete - Auto-switch to "Custom" preset when levels are manually modified - Confirmation dialog when switching presets would overwrite custom data Also adds: - ClassificationMarkings feature flag (default off) - Generic property field client methods (get/create/patch/delete) for the /api/v4/properties/ endpoints - Enterprise license + feature flag gating on the admin page Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Fix classification markings: add validation, error handling, and system object type - Add "system" as a valid property field object type so the classification markings API calls succeed - Surface load errors instead of silently swallowing them (only suppress 404 for unconfigured state) - Validate before save: require at least one level, non-empty names, and no duplicates - Default to custom preset with empty levels on first open - Add section strings to searchableStrings for admin console search Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Move classification field to CPA group targeting users Store the classification markings property field in the custom_profile_attributes group with object_type 'user' instead of the attributes group with object_type 'system'. Clear target_id for PSAv2 system target compliance and mark the field as admin-managed. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Stabilize preset option IDs and add danger warning on preset switch Hardcode deterministic IDs for all preset classification levels so switching away and back preserves option IDs, preventing orphaned property values. Compare only level data (not preset label) for change detection so cosmetic preset switches don't trigger false save states. Show a danger modal with red confirm button when changing presets on an existing field, warning about system-wide impact on classified resources. The warning appears once per session then allows frictionless switching. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Remove system object type from property fields Not needed yet — will be added when system/channel banners are implemented. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Fix ESLint errors in classification markings admin page Fix import ordering and remove unused generateId import. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Address CodeRabbit review feedback for classification markings - Register property field API endpoints when ClassificationMarkings flag is enabled (not just IntegratedBoards) to prevent 404s - Preserve preset option IDs when creating a new classification field instead of blanking them with empty strings - Add sysconsole read/write permission constants for classification markings across server and webapp, and wire up resource-level permission checks in the admin definition Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Add rank attribute to classification marking options Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Add classification markings permissions migration and read-only support Add a permissions migration to grant classification markings sysconsole permissions to existing roles on upgrade. Wire up the disabled prop so read-only users can view but not edit classification settings. Register the permission in the Delegated Granular Administration UI. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Paginate loadField to find classification field beyond first page Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Fix lint errors and warnings in classification markings Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Remove classification markings sysconsole permissions; gate on sysadmin instead Classification markings admin page no longer uses feature-specific read/write permissions. Visibility is gated on license + feature flag, editing is gated on system admin role. This avoids coupling feature-specific permissions to the generic property service. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Set sysadmin-level permissions on classification markings field creation Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Use stable IDs instead of array indices for classification level operations Switch updateLevel/deleteLevel to identify levels by ID rather than index, sort levels by rank on load, and extract i18n strings. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Refactor classification markings into extracted helper functions Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Add tests for classification markings admin console feature Add unit and component tests covering: - Pure function tests for detectPreset, optionsToLevels, levelsToOptions, processClassificationField, and fetchClassificationField pagination logic - React component tests for rendering states, validation, and user interactions - Client4 property field method tests for URL construction and HTTP verbs - Server routing test verifying routes register with ClassificationMarkings flag - Feature flag default and serialization test Export pure functions from classification_markings.tsx to enable direct testing. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Fix lint errors in classification markings tests Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Fix test compilation error * Fix color input auto-filling after 3 hex characters in classification markings Buffer ColorInput onChange in a LevelColorCell wrapper so the table doesn't re-render mid-typing, preventing the input from losing its focus-guarded local state. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Fixing style issues with color picker z-index * Added fix to prevent immediate dismissal when clicking inside color picker * Adding E2E test suite for configuration * Removing duplicates * Fixing unrelated linter error * Fixing test linting issues * Updating tests to skip appropriately * Matching configuration to UX specs * Fixing style lint * Added informational banner for presentational nature of markings * Enabling the markings flag on playwright server * Added missing feature flag to e2e test environment in ci * Reverting changes to color_input - Not needed as we're using a custom component * Added and polished global banner configuration * Refactoring webapp for readability - Separating components - Adding unit tests - Isolating helper methods into utilities * Fixing linter errors * linter fix * Manually fixing linter issues * Separating global classification component * Added persistence of classification marking configuration * Changing LevelID with LevelName * Making changes for PR reviews * Changing property object of classification field to template * syncing i18n file * Removing inaccurate note from comments * PR fixes for UX review * Cleaning up unused value * Added GlobalClassificationBanner component - Made sure it syncs on change by using normal configuration values on it - Works with "top" and "top_and_bottom" - Renders on both root and admin_console * Adding E2E test cases for global classification * Linter fixes, i18n extract * PR Fixes * Linter fix * Matching default messages * Fixing type errors * Fixing pipeline and runtime errors * Fixing announcementbar rendering on top of global classifications * Increasing banner & font sizes * Fixing font size to 12px instead of 16px - I read it wrong * Replacing config values with property * Test linter fixes * Fixing type errors and go format error * Making changes needed to align with specs - Ensuring system_classification is a separate linked property that differs from the template - Saving the global classification banner values as a propertyvalue * Added missing arguments in e2e tests * Added missing conditions for useEffect - Also fixing E2E error in pipeline * Fixing issues with V1 and V2 group mismatch * Fixes for linter errors and coderabbit review * Addressing more issues found by coderabbit * Fixing issues found by coderabbit * Migrating to use system properties * Ran all linters and prettier - Resolving coding style drift that happened from not running prettier on the webapp (even though CI doesn't check for this) * Undoing the prettier changes in webapp * Cleaning up unwanted autoformatted changes * Reverting prettier changes to clean diff * Fixing E2E test * Import fixes in test * Applying changes for PR feedback * Fixing issues with failing e2e tests * Changing key of selection from name to id * Replacing field setup in E2E tests to use levelId instead of levelName --------- Co-authored-by: David Krauser <david@krauser.org> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: David Krauser <david@kruser.org> Co-authored-by: Mattermost Build <build@mattermost.com>	2026-05-11 21:35:38 +03:00
Caleb Roseland	7e1bec4d4f	MM-68233: Fix sidebar icon not updating on channel privacy conversion via WS (#36006) ... * fix(channels): update sidebar icon when channel converted via mmctl The handleChannelConvertedEvent WebSocket handler hardcoded type as PRIVATE_CHANNEL, so private-to-public conversions were silently ignored. Now the server includes channel_type in the channel_converted WS event and the frontend reads it. Ref: MM-68233 * test(channels): add tests for channel_converted WS event Add server-side tests verifying the WebSocket event payload includes channel_type for both private→public and public→private conversions. Add frontend tests for handleChannelConvertedEvent covering both conversion directions, backwards compatibility fallback when channel_type is absent, and edge cases. Ref: MM-68233 * test(channels): add E2E test for channel privacy WS icon update Playwright E2E tests verify that the sidebar channel icon updates in real-time when channel privacy is changed via the API (simulating mmctl). Tests both public→private and private→public directions. Ref: MM-68233 * refactor: review feedback on channel_converted fix Narrow channel_type WS field to 'O' | 'P' union type instead of string. Drop hardcoded channel names in E2E tests to let pw.random.channel() generate unique names and avoid collisions. Ref: MM-68233 * fix(e2e): provide name + unique flag for channel creation pw.random.channel() requires a name field — server rejects channels without a valid lowercase alphanumeric name. Use unique: true to append a random suffix for test isolation. Ref: MM-68233 * refactor(channels): use channel type constants in channel_converted code Address review feedback: replace inlined 'O'/'P' string literals with predefined constants. websocket_messages.ts now types channel_type as ChannelType (already imported); websocket_actions tests use Constants.OPEN_CHANNEL / Constants.PRIVATE_CHANNEL. --------- Co-authored-by: Mattermost Build <build@mattermost.com>	2026-05-11 13:37:19 +02:00
Daniel Espino García	55496c07c1	Update API docs (#36302) ... * Update API docs * Coderabbit comments * Address feedback * Address feedback * Coderabbit feedback	2026-05-11 12:29:25 +02:00
Devin Binnie	69fbaeced9	[MM-68496] Feature flag Managed Categories, expose Default Category Name to UI for channel creation and settings (#36289) ... * [MM-68496] Feature flag Managed Categories, expose Default Category Name to UI for Channels * PR feedback * PR feedback * Fix i18n * Fix test * Fix E2E * Merge'd * Add tests * Re-add old tests (skipped) * Add IncrementVersion to PropertyGroup store, increment version on managed category group * Fix lint * Fix mock * Fix prettier * Add tests * Fixed issue when moving from existing category to existing category * Fix e2e --------- Co-authored-by: Mattermost Build <build@mattermost.com>	2026-05-07 09:37:53 -04:00
Harrison Healey	10ad2505a7	Split out buttonClassNames utility and use for most places Button isn't (#36328) ... * Split out buttonClassNames utility and use for most places Button isn't * Update StartTrialBtn to use buttonClassNames Ideally, we'd: 1. Use Button, but that requires sorting out the one case that overrides btnClass entirely. 2. Use a button for all of these since none of these should have a link role, but that's outside of the scope of this ticket. * Update another new button to use Button	2026-05-06 17:35:10 -04:00
Harrison Healey	e898ccdf3d	MM-68397 Add shared package to STYLE_GUIDE.md (#36425) ... * MM-68397 Add shared package to STYLE_GUIDE.md and CLAUDE.OPTIONAL.md * Add webapp/AGENTS.md	2026-05-06 13:15:40 -04:00
Harrison Healey	076beaff52	Update interdependency between packages to 11.8.0 (#36449) ... * Update interdependency between packages to 11.8.0 * Fix bad merge upstream	2026-05-06 10:46:10 -04:00
Harrison Healey	34ef034dd9	MM-68261 Add Button component to shared package (#36191) ... * Add initial version of Button * Use Button in ConfirmModal * Use Button in easy places that use className='btn btn-primary' This is everywhere that I could just replace `<button className='btn btn-primary'>` with `<Button emphasis='primary'>` (and some other emphasis versions) without any additional changes. There's still more places where this could be used which require more in-depth changes that will be in a following commit. * Use Button in place of divs with className='btn btn-primary' This is a minor functional change because these elements are now accessible. * Use Button in SpinnerButton This is removing some usage of a save-button CSS class that doesn't seem to affect these components. * Replace RB Button with our Button There's a small functional change here because the copy button in the header of the FullLogEventModal is now styled when it wasn't before. * Use Button in many places which used btn-secondary, btn-tertiary, and btn-danger This removes some CSS classes from some different elements, but as elsewhere, those CSS classes don't actually do anything. I think some might have had a purpose once, but there seems to be quite a few that were copied around during previous, possibly AI-assisted refactors. * Use Button in many places in System Console Notably, this includes: 1. Cleaning up some complicated logic in PurchaseLink/RenewalLink for determining their styling. 2. Making some minor functional changes in ChannelProfile/TeamProfile because they didn't use standard CSS classes previously. The styles mostly match a secondary button, but they had slightly different padding and colours previously. 3. I also removed a workaround for an old issue with OverlayTrigger and disabled buttons in favour of just using the disabled attribute. For more information on the previous code, see https://github.com/mattermost/mattermost-webapp/pull/10387. Based on some brief testing, that's no longer needed. * Use Button in MultiSelect and remove unneeded backButtonClass prop Everything that used that prop either passed the tertiary class that was the default or passed a class that didn't exist. * Use Button in more places that used btn-primary/secondary/tertiary/quaternary * Use Button in more places that used btn-danger * Use Button for all buttons with a className starting with 'btn btn-...' * Migrate anchors that really should've been buttons to Buttons All of these are anchors with click handlers and the btn class, so they'd appear as buttons anyway. * Migrate SettingItemMax and SettingPicture to Button * Use Button in BrowseChannels * Use Button in TourTip * Migrate GenericModal to Button There's a minor UX change due to the old `delete` class having a slightly different colour from `btn-danger`, but I think that was from an older version of the default themes. Ideally, we'd remove the `GenericModal__button`, `confirm`, and `delete` classes from the buttons on that modal, but doing that would require changes to a large number of E2E tests that I'd rather not do now. * Change order of building packages in postinstall * Fix move_thread E2E tests * Coderabbit feedback * Address feedback * Add JSDoc comments and remove width prop I don't think we need this since this should be set by a parent with `display: flex`, so I'm not going to add it to the Button. * Share Button with plugins	2026-05-06 09:38:16 -04:00
Guillermo Vayá	ecf8a741ac	Add unread badge to Recaps sidebar link (#36246) ... * Add unread badge to Recaps sidebar link Shows the count of unread finished recaps (completed or failed) on the LHS Recaps link. Pending and processing recaps are excluded so the badge only reflects work the user can actually read. When any unread recap has failed, the badge is colored as an error to surface the failure. The badge updates live through the existing recap_updated WebSocket event, which refreshes the recap in the Redux store. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Fix Recaps failed-badge color losing to active sidebar rule The failed-badge modifier selector had the same specificity (0,4,0) as `.channel-view .sidebar--left .active .badge` in _badge.scss, so when the Recaps link was the active route the global mention background color won on cascade order. Scope the rule with `#SidebarContainer` so it wins on specificity (1 id + 4 classes) regardless of active state. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Fix Recaps badge selector memoization getUnreadFinishedRecapsBadge was keyed off getAllRecaps, which is not memoized and returns a new array on every call. That broke reselect's reference-equality input check, so the selector recomputed and returned a fresh {count, hasFailed} object on every store dispatch — forcing RecapsLink (always mounted when the feature flag is on) to re-render on every action. Key the selector off state.entities.recaps directly and iterate ids in the result function so memoization holds when the recaps slice is unchanged. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Address PR feedback on Recaps sidebar badge - Pass shallowEqual to the useSelector consuming getUnreadFinishedRecapsBadge. The selector returns a plain {count, hasFailed} object, so recap updates that change a recap but leave the badge values the same (e.g. marking a read recap) would otherwise force RecapsLink to re-render. - Scope the "no badge" negative assertion to the render container so it only asserts on the badge element, not any '1' or '.badge' elsewhere in the DOM. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Address UX feedback on Recaps sidebar badge - Add `unread` class to the sidebar item and `unread-title` to the link when there are unread recaps so the label goes bold and the icon goes full-opacity, matching how channels and the threads link indicate unread state. - Keep the badge (and the new failed icon) visible on hover so it doesn't disappear under the cursor -- same override the threads link uses. - Replace the red failed-badge modifier with an amber alert icon rendered in place of the count badge when any unread recap has failed. Red mention badges are reserved for urgent priority messages and caused confusion here. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Keep Recaps badge in place on hover The global sidebar hover rule shrinks padding-right from 16px to 5px to make room for the per-channel menu button, which shifted the badge right since it stays visible. Restore padding-right: 16px on hover for the Recaps link, matching what the threads link already does. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Align Recaps failed-icon aria-label with tooltip The aria-label on the .RecapsFailedIcon span was a hardcoded English string ("Recap failed") that differed from the tooltip shown to sighted users ("One or more recaps failed"). Derive the aria-label from the same intl message used by the tooltip so screen readers and sighted users get the same wording and the label is localized. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Stop Recaps link from overriding global unread label styling The combined `.active .SidebarLink, .SidebarLink.unread-title` rule pushed font-weight: 400 onto .SidebarChannelLinkLabel with specificity (0,4,0), overriding the global `.SidebarChannel.unread` rule that sets font-weight: 600 and --sidebar-unread-text at (0,3,0). As a result the Recaps label rendered at normal weight when unread, inconsistent with channels and the threads link. Split the rules: keep the active-state overrides as they were, and limit the unread-title rule to the icon-specific styling Recaps actually needs, letting the global unread styling apply to the label. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Add i18n entry for Recaps failed-tooltip Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * change size of alert icon * fix the right icon * Add ViewedAt to recaps and POST /recaps/mark_viewed endpoint Introduce a new ViewedAt field on Recap, separate from ReadAt, that tracks whether the user has at least seen a finished recap on the recaps page. ReadAt keeps its existing per-recap "Mark read" semantics. - New Postgres migration 000172 adds the ViewedAt column (default 0) and an idx_recaps_user_id_viewed_at index mirroring the existing ReadAt index. - New store method MarkRecapsAsViewed(userId, statuses) does a single UPDATE ... WHERE ViewedAt = 0 AND Status IN (...) RETURNING Id so the app layer can fan out one WS event per affected recap. - New App.MarkRecapsAsViewed(rctx) marks the user's not-yet-viewed completed/failed recaps and broadcasts WebsocketEventRecapUpdated per affected id. - New POST /recaps/mark_viewed handler. Registered before the {recap_id} regex routes so mark_viewed isn't captured as an id. - RegenerateRecap now resets ViewedAt = 0 so a regenerated recap is surfaced again in the badge once it completes. As a related fix, UpdateRecap now persists ReadAt and ViewedAt -- previously it silently dropped the ReadAt = 0 reset that RegenerateRecap was setting in memory. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Mark recaps as viewed when the recaps page mounts Wire the new server endpoint into the webapp: - Recap type now includes viewed_at: number. - Client4.markRecapsAsViewed posts to /recaps/mark_viewed. - New markRecapsAsViewed redux action, fired alongside getRecaps and getAgents in the recaps page mount effect. The server broadcasts recap_updated per affected recap so other tabs/devices receive the update through the existing handleRecapUpdated WS handler -- no new client-side handler needed. - getUnreadFinishedRecapsBadge now filters on viewed_at === 0 instead of read_at === 0, so the sidebar badge clears on page open instead of requiring per-recap "Mark read" clicks. Selector tests updated to match. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Address review feedback on Recaps viewed_at change - Defer markRecapsAsViewed until after getRecaps resolves on the recaps page mount. Previously they ran in parallel, so getRecaps could land last and overwrite the viewed_at: <now> timestamps the WS-driven refresh had just written, briefly re-showing the badge. - Switch the markRecapsAsViewed audit log to LevelContent and record the affected ids as result state, matching the pattern of every other mutating recap handler (markRecapAsRead, deleteRecap, etc). recap_count meta is now recorded unconditionally. - Add an app-layer test that asserts MarkRecapsAsViewed publishes a recap_updated websocket event for each affected recap. The fan-out is the entire reason this lives in the app layer, so a regression removing the publish loop should fail loudly. - Add a store-layer regression test that UpdateRecap actually persists ReadAt = 0 / ViewedAt = 0 resets, guarding the regenerate flow against a future change that drops those columns from the update map. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Update migrations.list for 000172_add_recaps_viewed_at Regenerated via `make migrations-extract` so the autogenerated sequence list includes the new recaps ViewedAt migration files. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Use AddMeta for Recaps mark_viewed audit ids AddEventResultState takes a model.Auditable, not a plain map[string]any, so the previous attempt to record the affected ids did not compile. Record them as audit metadata instead, matching the pattern used by getRecaps which similarly returns a slice and uses AddMeta only. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Split Recaps ViewedAt index into a CONCURRENTLY migration The lint check rejects bare CREATE/DROP INDEX in migrations because they take an ACCESS EXCLUSIVE lock and block DML. Split the index off into 000173 with CONCURRENTLY + the morph:nontransactional directive, matching the pattern used by 000168/000169 (LinkedFieldID column + its index). 000172 keeps just the ALTER TABLE ADD COLUMN, which can stay transactional. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Add viewed_at to existing Recap test fixtures The Recap type now requires viewed_at, so the fixtures in recap_item.test.tsx, recap_processing.test.tsx, and recaps_list.test.tsx need it too. CI was rejecting them with TS2741. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Mock markRecapsAsViewed in recaps.test.tsx The mount effect now also dispatches markRecapsAsViewed, but the manual jest.mock for 'mattermost-redux/actions/recaps' only exposed getRecaps, so the runtime call resolved to undefined and crashed with "markRecapsAsViewed is not a function". Add the missing entry to the mock. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Add /recaps/mark_viewed and Recap.viewed_at to OpenAPI spec The recap-spec validator rejected the new POST /api/v4/recaps/mark_viewed handler because it had no documented operation. Add the path with its MarkRecapsAsViewed operationId, response shape, and behavior, and add the new viewed_at timestamp field to the Recap schema in definitions. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Fill in app.recap.mark_viewed.app_error translation The new MarkRecapsAsViewed app method references this i18n key but the en.json entry was added with an empty translation. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Skip markRecapsAsViewed when getRecaps fails Marking recaps as viewed implies the user just looked at them. If getRecaps fails the user is staring at an error/empty state, so we shouldn't ack them on the server. Gate the dispatch on the thunk's result.error -- the codebase's bindClientFunc swallows errors and returns {error}, so the conventional try/catch pattern doesn't apply here. Update the recaps.test.tsx dispatch mock to return a resolved promise so the new awaited result has the expected shape. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Clear and assert markRecapsAsViewed mock in recaps.test.tsx Reset the new mock in beforeEach so it doesn't carry state across tests, and assert that the mount effect dispatches markRecapsAsViewed after getRecaps resolves. Awaiting via waitFor since the mark fires inside an async fetchData chain. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-06 15:14:18 +02:00
unified-ci-app[bot]	d5946e9477	Update latest minor version to 11.8.0 (#36437) ... Automatic Merge	2026-05-06 08:23:38 +02:00
Daniel Espino García	ebc066e7fd	[MM-68273] Add system messages for share / unshare events (#36032) ... * [MM-68273] Add system messages for share / unshare events * Fix CI * Address feedback * Fix CI * Remove unknown prop * Add missing tests	2026-05-05 15:25:25 +02:00
Scott Bishel	5bad893cad	Move interactive dialog date/datetime properties into datetime_config (#36067) ... * Move min_date, max_date, time_interval into DialogElement.datetime_config Consolidate date/datetime configuration into the datetime_config sub-object on both DialogElement (Go/TS) and AppField (TS), deprecating the top-level fields while keeping them for backward compatibility. DateTimeConfig values take precedence over legacy fields via EffectiveDateTimeConfig() (Go) and nullish coalescing fallback chains (TS). Also fixes: timezone indicator now uses FormattedMessage for i18n, CSS class with theme variable instead of inline styles, and proper DateTimeConfig type instead of Record<string, unknown> cast.	2026-05-01 10:00:20 -06:00
Ibrahim Serdar Acikgoz	4da11e81af	[MM-68497] Enables membership policies on public channels with advisory semantics (#36275)	2026-04-30 00:56:32 +02:00
David Krauser	6c0e0fee4a	[MM-68464] Introduce system object type for property fields and values (#36250)	2026-04-29 18:47:34 +00:00
Ibrahim Serdar Acikgoz	85dc085197	[MM-68535] Invalidate channel cache after policy assignment (#36292)	2026-04-28 20:50:29 +00:00
David Krauser	2b7b398a22	[MM-68102] Add Classification Markings admin console page (#35934) ... Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: David Krauser <david@krauser.org> Co-authored-by: avasconcelos114 <andre.onogoro@gmail.com>	2026-04-28 20:02:41 +00:00
Harrison Healey	f8bf924ebf	MM-67319/MM-67320 Move ShortcutKey and WithTooltip into shared package (#36037) ... * MM-67319 Move ShortcutKey component into Shared Package * MM-67322 Add i18n-extract support for shared package and move key constants * MM-67320 Move WithTooltip into shared package without modification * Add CSS variables for standard z-indices * Update TooltipShortcut to point to shared ShortcutKey * Update TooltipContent to use shared Emoji * Move isMessageDescriptor into shared package * Add Floating UI as explicit dependency of shared package * Fix WithTooltip imports * Fix imports for ShortcutX types * Move/copy tooltip constants into shared package * Fix WithTooltip tests * Remove unneeded TODO comments * Actually share new modules with plugins * Stop publishing src folder for shared package	2026-04-27 20:26:58 +00:00
Harrison Healey	5e42f6f80c	Fix web app run script crashing (#36271)	2026-04-27 11:10:54 -04:00
Harrison Healey	f6341a17ba	MM-68247 Move user agent utilities into shared package and clean it up (#36033) ... * Start moving user agent utils into shared package * Remove inobounce and stop exporting isIosSafari Based on some quick testing on my phone, inobounce is no longer needed. Both local and Community: 1. Let you overscroll on the landing and login pages 2. Don't overscroll in a channel, a thread, or the LHS while fully zoomed out 3. Do let you overscroll when zoomed in That also lets me reduce the size of the interface for utils/user_agent. * Remove unneeded exports and unused functions * Remove outdated workarounds from FileUpload component These were only needed to support a 10 year old version of iOS Chrome and the classic app. * Remove useOrientationHandler This was added in https://github.com/mattermost/mattermost-webapp/pull/2504, but I don't think the extra complexity is worth keeping it around when we mostly support mobile view for desktop accessibility reasons. * Replace isIosWeb/isAndroidWeb with isIos/isAndroid These were previously needed to differentiate between the mobile web app and the classic app. * Replace isMobileApp with isMobile Similar to the last commit, we used to need to differentiate between the mobile web and the classic app. For most places, I just replaced isMobileApp with isMobile, but I removed the check in ProductMenuList because we want to show that link on mobile web. * Move isInternetExplorer and isEdge out of the shared package Those should be removed, so I don't want to include them in the shared package at all. I also renamed isChromiumEdge to just isEdge since that should be its name once the old ones are removed. * Change how functions are re-exported to fix tests * Update web app code to use shared user agent utils directly * Removed useless mock * Fix how tests mock utils/user_agent now that it's fully moved * Actually export user_agent utils from shared package	2026-04-16 21:34:31 +00:00
Asaad Mahmood	d2848a893a	MM-68274 - Adding watermarking toggle in server (#36025) ... * Adding watermarking toggle in server * Update setting to enterprise * Adding it to mobile security * Updating experimental section * Moved back to experimental settings. Added license checks * Updating tests --------- Co-authored-by: maria.nunez <maria.nunez@mattermost.com>	2026-04-16 16:42:50 +05:00
Ibrahim Serdar Acikgoz	beb96185cd	[MM-68183] Permission policies (#36003) ... --------- Co-authored-by: Pablo Vélez <pablovv2012@gmail.com>	2026-04-16 04:02:12 +03:00
Pablo Vélez	80b977807a	Feature mm 64509 team admin abac channels (#36061) ... * MM-67592 - be changes for team admin abac channels (#35353) * MM-67592 - be changes for team admin abac channels * Revert team-scoped API routes, keep app layer business logic * move from config to permission; Add cluster-aware LRU cache for policy team scope lookup * remove unnecessary references to config value * local/remote cache invalidation consistency for policy scope * Replace policy scope cache with store-level team scope query * rename functions and add comments to query --------- Co-authored-by: Mattermost Build <build@mattermost.com> * MM 67594 - policies CUD operations to team settings modal channels ABAC (#35590) * MM-67592 - be changes for team admin abac channels * Revert team-scoped API routes, keep app layer business logic * move from config to permission; Add cluster-aware LRU cache for policy team scope lookup * remove unnecessary references to config value * local/remote cache invalidation consistency for policy scope * Replace policy scope cache with store-level team scope query * format files correctly * fix mock expectations for store-query approach in tests * rename functions and add comments to query * revert error ids to original to prevent break tests * adjust translations * MM-67669 - add tab to team settings modal and basic listing * adjust tests and fix linter * use existing search api logic * fix style and adjust flaky test to clean up and restore orinals * address ai corabbit feedback and fix linter * fix unit tests * MM-67592 - be changes for team admin abac channels (#35353) * MM-67592 - be changes for team admin abac channels * fix linter * fix ts linter for playwright * Revert team-scoped API routes, keep app layer business logic * move from config to permission; Add cluster-aware LRU cache for policy team scope lookup * remove unnecessary references to config value * local/remote cache invalidation consistency for policy scope * Replace policy scope cache with store-level team scope query * format files correctly * fix mock expectations for store-query approach in tests * rename functions and add comments to query * revert error ids to original to prevent break tests * adjust translations --------- Co-authored-by: Mattermost Build <build@mattermost.com> * MM-67594 - support cud operations for team abac BE changes * create the team settings policy edit section, reuse most components, add basic e2e * move optional refresh policy list button to list component * temp get team admins cud policies and sync job * enhance validation and adjust e2e * Fix testExpression permission; fix pagination of team policies; add isValidId validation * adjust styles, handling renaming and add permission migrations * update the permissions names, use the simple confirmation modal, define the delete modal * fix policy deletion flow * fix some linter issues and adjust helper tests * remove delete from list and fix e2e * code comments clean up * remove CEL editor for now, clean styles, enhance e2e * fix linter, adjust unit test * fix linter and add missing translation * fix policy deletion ownership and sanitize test expression * fixed e2e tests * rollback orphaned policy on failed channel assignment * enforce channelless check before last_team_id fallback * enforce channelless guard on assign fallback too * add translations missing * add teamId to audit payload when present * fix refresh button pagination reset * fix null safety in channel selector loadChannels * use responsive width cap for team settings modal and adjust header size * remove redundant raw term from channel search URL, add showRefreshButton prop to PolicyList component * handle error when stamping last team ID on channelless policy * replace Props-based ownership with in-memory LRU cache, disable save on zero channels * make e2e tests more reliable in CI * test skip if no license valid found * add childCount guard to cache-hit paths and reduce TTL to 5s * fix e2e, adjust translation * address review feedback: flatten permission checks and separate error types - Flatten nested permission branching in deleteAccessControlPolicy using early returns to reduce indentation (review: isacikgoz) - Validate teamID as input (400) before using it for permission checks (403) in testExpression and validateExpressionAgainstRequester handlers - Remove redundant hasSystemPermission check in searchAccessControlPolicies since system_admin role already includes manage_team_access_rules - Refactor ValidateTeamAdminPolicyOwnership to return (bool, *model.AppError) separating "not owned" from "internal error" across all 8 call sites - Update tests to assert on both return values Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * add persistent team scope to access control policies, replace in-memory cache * fix translation * fix case-insensitive policy search and sanitize search term input * make policies tests have a unique name * decouple scope/scopeID filter from TeamID in policy store * Fix authZ bypass searchChannelsForAccessControlPolicy by forcing TeamIds to authorized team * show unsaved changes on navigator back, and list all private channels on load * filter already applied channels to a policy * adjust the styles to dark mode; do not show added channels to the policy in the add channels modal * fix linter * MM-67967 add sync status footer to team settings (#35729) * MM-67967 add sync status footer to team settings * remove magic numbers and strings and polish the code * fix linter * fix linter: replace interface{} with any per gofmt rewrite rule Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refine getJobsByType team-scoped filtering and permissions * fix sync footer stuck in syncing state on job creation error * fix team-scoped job pagination in getJobsByType * Fix authZ bypass searchChannelsForAccessControlPolicy by forcing TeamIds to authorized team * implement ux feedback, change titles font, fix marging and scroll view jump * MM-68135 - migrate add channels to policy modal to generic modal (#35907) * MM-67920 unify e2e team settings tests (#35867) * MM-67920 - extract duplicated policy editor helpers * remove duplicate team icon test file * rename Access Control to Membership Policies in e2e * replace networkidle with explicit element waits * fix attribute loading issue --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Mattermost Build <build@mattermost.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix playwright feedback issues and persist filters to the store layer in the no systemconsole path * Improve policy scope validation and team admin security checks * Renamed public channels to "AAA Public Channel %03d" and private ones to "ZZZ Private..." so the 55 public channels now fill the 50-result cap * fix e2e tests and add new unit tests to improve coverage * Improve e2e test stability: race condition handling and timeout adjustments * Improve team-scoped ABAC policies: scope preservation, input validation, shared exclusion * Add comprehensive ABAC test coverage: team admin ops and security validation to reduce flakyness * Fix team policy editor back button: preserve navigation intent through Undo * style: format import statements for better readability * Enhance access control policy creation for team admins: enforce scope stamping from query parameters to prevent unauthorized team assignments --------- Co-authored-by: Mattermost Build <build@mattermost.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-16 00:48:43 +02:00
sabril	bff3577690	chore(playwright): upgrade to v1.59 and to typescript@6.0 (#36071)	2026-04-15 17:43:52 +08:00
Ibrahim Serdar Acikgoz	c66bb0ecdb	[MM-68109] Introduce new policy version v0.3 (#35904)	2026-04-15 11:22:41 +02:00
Devin Binnie	01219efbf4	[MM-68037] Managed Sidebar Categories (MVF) (#35935) ... * [MM-68037] Managed Sidebar Categories (MVF) * PR feedback * PR feedback * Fix test issue again * Fixed a few things * Fix again * PR feedback * Update server/i18n/en.json Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * Update server/i18n/en.json Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * Update webapp/channels/src/packages/mattermost-redux/src/actions/channel_categories.ts Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * PR feedback * PR feedback * More PR feedback * Test fixes * This one too * PR feedback * more * More feedback * More * more * Yup * More * PR feedback * Update webapp/channels/src/components/channel_settings_modal/managed_category_selector.scss Co-authored-by: Matthew Birtch <mattbirtch@gmail.com> * Block setting behind Enterprise license * Update webapp/channels/src/packages/mattermost-redux/src/selectors/entities/channel_categories.ts Co-authored-by: Harrison Healey <harrisonmhealey@gmail.com> * Update webapp/channels/src/packages/mattermost-redux/src/actions/channel_categories.ts Co-authored-by: Harrison Healey <harrisonmhealey@gmail.com> * PR feedback * Don't await for the initial managed category check * Turn into its own action --------- Co-authored-by: Mattermost Build <build@mattermost.com> Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> Co-authored-by: Matthew Birtch <mattbirtch@gmail.com> Co-authored-by: Harrison Healey <harrisonmhealey@gmail.com>	2026-04-14 09:00:59 -04:00
Daniel Espino García	ed80e8ba91	Shared channel UI for channel admins (#35448) ... * Shared channel UI for channel admins * Fix lint * Use errors.is instead of using string comparison * Fix configuration check * Handle error when sharing an already shared channel * Remove unneeded disabled prop * Add missing tests * Frontend tweaks * Fix lint * Fix lint and test * Address coderabbit review * Fix removing unconfirmed remotes * Better handle errors while saving state * Remove unneeded state * Fix selector not being stable between different renders * Fix i18n and improve one type * Update webapp/channels/src/components/channel_settings_modal/share_channel_with_workspaces/share_channel_with_workspaces.scss Co-authored-by: Matthew Birtch <mattbirtch@gmail.com> * Update webapp/channels/src/components/channel_settings_modal/share_channel_with_workspaces/add_workspace_dropdown.tsx Co-authored-by: Matthew Birtch <mattbirtch@gmail.com> * Update webapp/channels/src/components/channel_settings_modal/share_channel_with_workspaces/share_channel_with_workspaces.scss Co-authored-by: Matthew Birtch <mattbirtch@gmail.com> * Update webapp/channels/src/components/channel_settings_modal/share_channel_with_workspaces/workspace_list.tsx Co-authored-by: Matthew Birtch <mattbirtch@gmail.com> * Update webapp/channels/src/components/channel_settings_modal/share_channel_with_workspaces/share_channel_with_workspaces.scss Co-authored-by: Matthew Birtch <mattbirtch@gmail.com> * Update webapp/channels/src/components/channel_settings_modal/share_channel_with_workspaces/share_channel_with_workspaces.scss Co-authored-by: Matthew Birtch <mattbirtch@gmail.com> * Apply suggestions from code review Co-authored-by: Matthew Birtch <mattbirtch@gmail.com> * Deal with settings option permissions * Add message when no remotes are available * Add dividers * Add disabled tooltip * Fix tests * Fix lint * Touch update at on share/unshare * Fix tests * Fix lint * Add missing await * Add e2e tests * Fix playwright prettier * Update server.prepare to have connected workspaces enabled by default * Revert changes on server.prepare and try with changes on server.generate * Fix shared channel configuration E2E tests (#35786) * Update webapp/channels/src/components/channel_settings_modal/share_channel_with_workspaces/share_channel_with_workspaces.scss Co-authored-by: Matthew Birtch <mattbirtch@gmail.com> * Update initial enabled state to properly handle saves * Update role name in e2e tests --------- Co-authored-by: Matthew Birtch <mattbirtch@gmail.com> Co-authored-by: Mattermost Build <build@mattermost.com> Co-authored-by: yasser khan <attitude3cena.yf@gmail.com> Co-authored-by: Doug Lauder <wiggin77@warpmail.net>	2026-04-14 11:37:09 +02:00
Harrison Healey	8e14c8ed58	MM-67505 Add AnalyticsQueryTimeout setting and use when refreshing materialized views (#35906) ... * MM-67505 Add AnalyticsQueryTimeout setting and use when refreshing materialized views * Fix last minute i18n change * Disallow 0 values for AnalyticsQueryTimeout * Fix E2E test config * Fix post store tests crashing * Update snapshot and revert accidental changes to it	2026-04-13 09:27:20 -04:00
Scott Bishel	f441b34dee	Fix interactive dialog bugs: dynamic select lookups, radio values, field refresh (#35640) ... * Fix interactive dialog bugs: dynamic select lookups, radio values, and field refresh - Cache sanitized fields in AppsForm to preserve object identity across renders, preventing AsyncSelect from remounting and re-triggering dynamic select lookups on every keystroke in any field - Normalize radio field default values to plain strings in getDefaultValue() so the value shape is consistent with what RadioSetting.onChange returns (e.target.value). Accept both string and {label, value} object shapes downstream for backwards compatibility. - Fix radio field [object Object] in submission by extracting .value from AppSelectOption objects in convertAppFormValuesToDialogSubmission - Include selected_field in refresh submission so plugins know which field triggered the refresh. Use a shallow copy of accumulatedValues to avoid permanently contaminating the accumulated state. - Send empty string for cleared select fields in refresh submissions. Previously, extractPrimitiveValues skipped null values and the spread merge never overwrote stale accumulated keys.	2026-04-09 07:50:36 -06:00
unified-ci-app[bot]	6662021dd5	Update latest minor version to 11.7.0 (#35964) ... Co-authored-by: unified-ci-app[bot] <121569378+unified-ci-app[bot]@users.noreply.github.com>	2026-04-07 09:34:34 +03:00
Doug Lauder	3888a69479	MM-68158: Fix shared channel remote display and notify UI on invite completion (#35908) ... * MM-68158: Fix shared channel remote display and add WebSocket notification Fix getSharedChannelRemotes API handler passing ChannelId instead of RemoteId to GetRemoteCluster, which always failed the lookup. Add RemoteId to SharedChannelRemoteStatus model and store query. Add shared_channel_remote_updated WebSocket event published from the onInvite callback so the UI refreshes its cached remote names when the async invite completes, instead of showing the generic "Shared with trusted organizations" fallback. * Improved unit tests per review comments	2026-04-03 02:06:01 -04:00
Miguel de la Cruz	48f2fd0873	Merge the Integrated Boards MVP feature branch (#35796) ... * Add CreatedBy and UpdatedBy to the properties fields and values (#34485) * Add CreatedBy and UpdatedBy to the properties fields and values * Fix types --------- Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es> * Adds ObjectType to the property fields table (#34908) Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es> * Update ObjectType migration setting an empty value and marking the column as not null (#34915) Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es> * Adds uniqueness mechanisms to the property fields (#35058) * Adds uniqueness mechanisms to the property fields After adding ObjectType, this commit ensures that both the PSAv1 and PSAv2 schemas are supported, and enforces property uniqueness through both database indexes and a logical check when creating new property fields. * Adds uniqueness check to property updates Updates are covered on this commit and we refactor as well the SQL code to use the squirrel builder and work better with the conditional addition of the `existingID` piece of the query. * Add translations to error messages * Fixing retrylayer mocks * Remove retrylayer duplication * Address review comments * Fix comment to avoid linter issues * Address PR comments * Update server/channels/db/migrations/postgres/000157_add_object_type_to_property_fields.down.sql Co-authored-by: Alejandro García Montoro <alejandro.garciamontoro@gmail.com> * Update server/channels/db/migrations/postgres/000157_add_object_type_to_property_fields.up.sql Co-authored-by: Alejandro García Montoro <alejandro.garciamontoro@gmail.com> * Update server/channels/db/migrations/postgres/000157_add_object_type_to_property_fields.up.sql Co-authored-by: Alejandro García Montoro <alejandro.garciamontoro@gmail.com> * Update field validation to check only for valid target types * Update migrations to avoid concurrent index creation within a transaction * Update migrations to make all index ops concurrent * Update tests to use valid PSAv2 property fields * Adds a helper for valid PSAv2 TargetTypes --------- Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es> Co-authored-by: Alejandro García Montoro <alejandro.garciamontoro@gmail.com> * Fix property tests (#35388) Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es> * Adds Integrated Boards feature flag (#35378) Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es> * Adds Integrated Boards MVP API changes (#34822) This PR includes the necessary changes for channels and posts endpoints and adds a set of generic endpoints to retrieve and manage property fields and values following the new Property System approach. Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es> Co-authored-by: Mattermost Build <build@mattermost.com> * Property System Architecture permissions for v2 (#35113) * Adds uniqueness mechanisms to the property fields After adding ObjectType, this commit ensures that both the PSAv1 and PSAv2 schemas are supported, and enforces property uniqueness through both database indexes and a logical check when creating new property fields. * Adds uniqueness check to property updates Updates are covered on this commit and we refactor as well the SQL code to use the squirrel builder and work better with the conditional addition of the `existingID` piece of the query. * Add translations to error messages * Add the permissions to the migrations, model and update the store calls * Adds the property field and property group app layer * Adds authorization helpers for property fields and values * Make sure that users cannot lock themselves out of property fields * Migrate permissions from a JSON column to three normalized columns * Remove the audit comment * Use target level constants in authorization * Log authorization membership failures * Rename admin to sysadmin * Fix i18n sorting --------- Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es> * Add Views store and app layer (#35361) * Add Views store and app layer for Integrated Boards Implements the View entity (model, SQL store, service, app) as described in the Integrated Boards tech spec. Views are channel-scoped board configurations with typed props (board, kanban subviews) and soft-delete. - public/model: View, ViewBoardProps, Subview, ViewPatch types with PreSave/PreUpdate/IsValid/Patch/Clone/Auditable - Migration 158: Views table with jsonb Props column and indexes - SqlViewStore: CRUD with nil-safe Props marshaling (AppendBinaryFlag) - ViewService: CreateView seeds default kanban subview and links the boards property field; caches boardPropertyFieldID at startup - App layer: CreateView/GetView/GetViewsForChannel/UpdateView/DeleteView with channel-membership permission checks and WebSocket events (view_created, view_updated, view_deleted) - doSetupBoardsPropertyField: registers the Boards property group and board field in NewServer() before ViewService construction - GetFieldByName now returns store.ErrNotFound instead of raw sql.ErrNoRows * Move permission checks out of App layer for views - Remove HasPermissionToChannel calls from all App view methods - Drop userID params from GetView, GetViewsForChannel, UpdateView, DeleteView - Fix doSetupBoardsPropertyField to include required TargetType for PSAv2 field * Make View service generic and enforce board validation in model - Remove board-specific auto-setup from service and server startup - Enforce that board views require Props, at least one subview, and at least one linked property in IsValid() - Move default subview seeding out of app layer; callers must provide valid props - Call PreSave on subviews during PreUpdate to assign IDs to new subviews - Update all tests to reflect the new validation requirements * Restore migrations files to match base branch * Distinguish ErrNotFound from other errors in view store Get * Use CONCURRENTLY and nontransactional for index operations in views migration * Split views index creation into separate nontransactional migrations * Update migrations.list * Update i18n translations for views * Fix makeView helper to include required Props for board view validation * Rename ctx parameter from c to rctx in OAuthProvider mock * Remove views service layer, call store directly from app * Return 500 for unexpected DB errors in GetView, 404 only for not-found * Harden View model: deep-copy Props, validate linked property IDs - Add ViewBoardProps.Clone() to deep-copy LinkedProperties and Subviews - Use it in View.Clone() and View.Patch() to prevent shared-slice aliasing - Iterate over LinkedProperties in View.IsValid() and reject invalid IDs with a dedicated i18n key - Register ViewStore in storetest AssertExpectations so mock expectations are enforced - Add tests covering all new behaviours * Restore autotranslation worker_stopped i18n translation * Fix view store test IDs and improve error handling in app layer - Use model.NewId() for linked property IDs in testUpdateView to fix validation failure (IsValid rejects non-UUID strings) - Fix import grouping in app/view.go (stdlib imports in one block) - Return 404 instead of 500 when Update/Delete store calls return ErrNotFound (e.g. concurrent deletion TOCTOU race) * Add View store mock to retrylayer test genStore helper The View store was added to the store interface but the genStore() helper in retrylayer_test.go was not updated, causing TestRetry to panic. Also removes the duplicate Recap mock registration. * Refactor view deletion and websocket event handling; update SQL store methods to use query builder * revert property field store * Remove useless migrations * Add cursor-based pagination to View store GetForChannel - Add ViewQueryCursor and ViewQueryOpts types with validation - Return (views, cursor, error) for caller-driven pagination - PerPage clamping: <=0 defaults to 20, >200 clamps to 200 - Support IncludeDeleted filter - Add comprehensive store tests for pagination, cursor edge cases, PerPage clamping, and invalid input rejection - Add app layer test for empty channelID → 400 - Update interface, retrylayer, timerlayer, and mock signatures Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Refactor test loops in ViewStore tests for improved readability * change pagination to limit/offset * Add upper-bound limits on View Subviews and LinkedProperties Defense-in-depth validation: cap Subviews at 50 and LinkedProperties at 500 to prevent abuse below the 300KB payload limit. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> * MM-67388, MM-66528, MM-67750: Add View REST API endpoints, websocket events, and sort order (#35442) * Add Views store and app layer for Integrated Boards Implements the View entity (model, SQL store, service, app) as described in the Integrated Boards tech spec. Views are channel-scoped board configurations with typed props (board, kanban subviews) and soft-delete. - public/model: View, ViewBoardProps, Subview, ViewPatch types with PreSave/PreUpdate/IsValid/Patch/Clone/Auditable - Migration 158: Views table with jsonb Props column and indexes - SqlViewStore: CRUD with nil-safe Props marshaling (AppendBinaryFlag) - ViewService: CreateView seeds default kanban subview and links the boards property field; caches boardPropertyFieldID at startup - App layer: CreateView/GetView/GetViewsForChannel/UpdateView/DeleteView with channel-membership permission checks and WebSocket events (view_created, view_updated, view_deleted) - doSetupBoardsPropertyField: registers the Boards property group and board field in NewServer() before ViewService construction - GetFieldByName now returns store.ErrNotFound instead of raw sql.ErrNoRows * Move permission checks out of App layer for views - Remove HasPermissionToChannel calls from all App view methods - Drop userID params from GetView, GetViewsForChannel, UpdateView, DeleteView - Fix doSetupBoardsPropertyField to include required TargetType for PSAv2 field * Make View service generic and enforce board validation in model - Remove board-specific auto-setup from service and server startup - Enforce that board views require Props, at least one subview, and at least one linked property in IsValid() - Move default subview seeding out of app layer; callers must provide valid props - Call PreSave on subviews during PreUpdate to assign IDs to new subviews - Update all tests to reflect the new validation requirements * Restore migrations files to match base branch * Distinguish ErrNotFound from other errors in view store Get * Use CONCURRENTLY and nontransactional for index operations in views migration * Split views index creation into separate nontransactional migrations * Update migrations.list * Update i18n translations for views * Fix makeView helper to include required Props for board view validation * Rename ctx parameter from c to rctx in OAuthProvider mock * Remove views service layer, call store directly from app * Return 500 for unexpected DB errors in GetView, 404 only for not-found * Harden View model: deep-copy Props, validate linked property IDs - Add ViewBoardProps.Clone() to deep-copy LinkedProperties and Subviews - Use it in View.Clone() and View.Patch() to prevent shared-slice aliasing - Iterate over LinkedProperties in View.IsValid() and reject invalid IDs with a dedicated i18n key - Register ViewStore in storetest AssertExpectations so mock expectations are enforced - Add tests covering all new behaviours * Restore autotranslation worker_stopped i18n translation * Fix view store test IDs and improve error handling in app layer - Use model.NewId() for linked property IDs in testUpdateView to fix validation failure (IsValid rejects non-UUID strings) - Fix import grouping in app/view.go (stdlib imports in one block) - Return 404 instead of 500 when Update/Delete store calls return ErrNotFound (e.g. concurrent deletion TOCTOU race) * Add View store mock to retrylayer test genStore helper The View store was added to the store interface but the genStore() helper in retrylayer_test.go was not updated, causing TestRetry to panic. Also removes the duplicate Recap mock registration. * Refactor view deletion and websocket event handling; update SQL store methods to use query builder * revert property field store * Add View API endpoints with OpenAPI spec, client methods, and i18n Implement REST API for channel views (board-type) behind the IntegratedBoards feature flag. Adds CRUD endpoints under /api/v4/channels/{channel_id}/views with permission checks matching the channel bookmark pattern. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Remove useless migrations * Add cursor-based pagination to View store GetForChannel - Add ViewQueryCursor and ViewQueryOpts types with validation - Return (views, cursor, error) for caller-driven pagination - PerPage clamping: <=0 defaults to 20, >200 clamps to 200 - Support IncludeDeleted filter - Add comprehensive store tests for pagination, cursor edge cases, PerPage clamping, and invalid input rejection - Add app layer test for empty channelID → 400 - Update interface, retrylayer, timerlayer, and mock signatures Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Add cursor-based pagination to View API for channel views * Enhance cursor handling in getViewsForChannel and update tests for pagination * Refactor test loops in ViewStore tests for improved readability * Refactor loop in TestGetViewsForChannel for improved readability * change pagination to limit/offset * switch to limit/offset pagination * Add upper-bound limits on View Subviews and LinkedProperties Defense-in-depth validation: cap Subviews at 50 and LinkedProperties at 500 to prevent abuse below the 300KB payload limit. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Add view sort order API endpoint Add POST /api/v4/channels/{channel_id}/views/{view_id}/sort_order endpoint following the channel bookmarks reorder pattern. Includes store, app, and API layers with full test coverage at each layer. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Add connectionId to view WebSocket events and sort_order API spec Thread connectionId from request header through all view handlers (create, update, delete, sort_order) to WebSocket events, matching the channel bookmarks pattern. Add sort_order endpoint to OpenAPI spec. Update minimum server version to 11.6. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Remove duplicate View/ViewPatch definitions from definitions.yaml The merge from integrated-boards-mvp introduced duplicate View and ViewPatch schema definitions that were already defined earlier in the file with more detail (including ViewBoardProps ref and enums). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Update minimum server version to 11.6 in views API spec Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Add missing translations for view sort order error messages Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Merge integrated-boards-mvp into ibmvp_api-views; remove spec files Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix flaky TestViewStore timestamp test on CI Add sleep before UpdateSortOrder to ensure timestamps differ, preventing same-millisecond comparisons on fast CI machines. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * remove duplicate views.yaml imclude * Use c.boolString() for include_deleted query param in GetViewsForChannel Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix views.yaml sort order schema: use integer type and require body Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Refactor view sort order tests to use named IDs instead of array indices Extract idA/idB/idC from views slice and add BEFORE/AFTER comments to make stateful subtest ordering easier to follow. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Return 404 instead of 403 for view operations on deleted channels Deleted channels should appear non-existent to callers rather than revealing their existence via a 403. Detailed error text explains the context for debugging. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * add missing channel deleteat checks * Use c.Params.Page instead of manual page query param parsing in getViewsForChannel c.Params already validates and defaults page/per_page, so the manual parsing was redundant. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Add support for total count in views retrieval * Add tests for handling deleted views in GetViewsForChannel and GetView * Short-circuit negative newIndex in UpdateSortOrder before opening transaction Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Add per-channel limit on views to bound UpdateSortOrder cost Without a cap, unbounded view creation makes sort-order updates increasingly expensive (CASE WHEN per view, row locks). Adds MaxViewsPerChannel=50 constant and enforces it in the app layer before saving. Includes API and app layer tests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Remove include_deleted support from views API Soft-deleted views are structural metadata with low risk, but no other similar endpoint (e.g. channel bookmarks) exposes deleted records without an admin gate. Rather than adding an admin-only permission check for consistency, remove the feature entirely since there is no current use case. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Update view permissions to require `create_post` instead of channel management permissions * Remove obsolete view management error messages for direct and group messages --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> * feat(migrations): add user tracking and object type to property fields - Introduced user tracking columns (CreatedBy, UpdatedBy) to PropertyFields and PropertyValues. - Added ObjectType column to PropertyFields with associated unique indexes for legacy and typed properties. - Created new migration scripts for adding and dropping these features, including necessary indexes for data integrity. - Established views for managing property fields with new attributes. This update enhances the schema to support better tracking and categorization of property fields. * Add Property System Architecture v2 API endpoints (#35583) * Adds uniqueness mechanisms to the property fields After adding ObjectType, this commit ensures that both the PSAv1 and PSAv2 schemas are supported, and enforces property uniqueness through both database indexes and a logical check when creating new property fields. * Adds uniqueness check to property updates Updates are covered on this commit and we refactor as well the SQL code to use the squirrel builder and work better with the conditional addition of the `existingID` piece of the query. * Add translations to error messages * Add the permissions to the migrations, model and update the store calls * Adds the property field and property group app layer * Adds authorization helpers for property fields and values * Make sure that users cannot lock themselves out of property fields * Migrate permissions from a JSON column to three normalized columns * Remove the audit comment * Use target level constants in authorization * Log authorization membership failures * Rename admin to sysadmin * Adds the Property System Architecture v2 API endpoints * Adds permission checks to the create field endpoint * Add target access checks to value endpoints * Add default branches for object_type and target_type and extra guards for cursor client4 methods * Fix vet API mismatch * Fix error checks * Fix linter * Add merge semantics for property patch logic and API endpoint * Fix i18n * Fix duplicated patch elements and early return on bad cursor * Update docs to use enums * Fix i18n sorting * Update app layer to return model.AppError * Adds a limit to the number of property values that can be patched in the same request * Require target_type filter when searching property fields * Add objectType validation as part of field.IsValid() * Fix linter * Fix test with bad objecttpye * Fix test grouping --------- Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es> * MM-67968: Flatten view model — remove icon, subviews, typed board props (#35726) * feat(views): flatten view model by removing icon, subview, and board props Simplifies the View data model as part of MM-67968: removes Icon, Subview, and ViewBoardProps types; renames ViewTypeBoard to ViewTypeKanban; replaces typed Props with StringInterface (map[string]any); adds migration 000167 to drop the Icon column from the Views table. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> * feat(api): update views OpenAPI spec to reflect flattened model Removes ViewBoardProps, Subview, and icon from the View and ViewPatch schemas. Changes type enum from board to kanban. Replaces typed props with a free-form StringInterface object. Aligns with MM-67968. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> * refactor(views): simplify store by dropping dbView and marshalViewProps StringInterface already implements driver.Valuer and sql.Scanner, so the manual JSON marshal/unmarshal and the dbView intermediate struct were redundant. model.View now scans directly from the database. Also removes the dead ViewMaxLinkedProperties constant and wraps the Commit() error in UpdateSortOrder. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> * fix(api): allow arbitrary JSON in view props OpenAPI schema The props field was restricted to string values via additionalProperties: { type: string }, conflicting with the Go model's StringInterface (map[string]any). Changed to additionalProperties: true in View, ViewPatch, and inline POST schemas. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> * Adds basic implementation of the generic redux store for PSAv2 (#35512) * Adds basic implementation of the generic redux store for PSAv2 * Add created_by and updated_by to the test fixtures * Make target_id, target_type and object_type mandatory * Wrap getPropertyFieldsByIds and getPropertyValuesForTargetByFieldIds with createSelector * Address PR comments --------- Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es> * Adds websocket messages for the PSAv2 API events (#35696) * Adds uniqueness mechanisms to the property fields After adding ObjectType, this commit ensures that both the PSAv1 and PSAv2 schemas are supported, and enforces property uniqueness through both database indexes and a logical check when creating new property fields. * Adds uniqueness check to property updates Updates are covered on this commit and we refactor as well the SQL code to use the squirrel builder and work better with the conditional addition of the `existingID` piece of the query. * Add translations to error messages * Add the permissions to the migrations, model and update the store calls * Adds the property field and property group app layer * Adds authorization helpers for property fields and values * Make sure that users cannot lock themselves out of property fields * Migrate permissions from a JSON column to three normalized columns * Remove the audit comment * Use target level constants in authorization * Log authorization membership failures * Rename admin to sysadmin * Adds the Property System Architecture v2 API endpoints * Adds permission checks to the create field endpoint * Add target access checks to value endpoints * Add default branches for object_type and target_type and extra guards for cursor client4 methods * Fix vet API mismatch * Fix error checks * Fix linter * Add merge semantics for property patch logic and API endpoint * Fix i18n * Fix duplicated patch elements and early return on bad cursor * Update docs to use enums * Fix i18n sorting * Update app layer to return model.AppError * Adds a limit to the number of property values that can be patched in the same request * Adds websocket messages for the PSAv2 API events * Add IsPSAv2 helper to the property field for clarity * Add guard against nil returns on field deletion * Add docs to the websocket endpoints --------- Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es> * migrations: consolidate views migrations and reorder after master - Merged 000165 (create Views) with 000167 (drop Icon) since Icon was never needed - Renumbered branch migrations 159-166 → 160-167 so master's 000159 (deduplicate_policy_names) runs first - Regenerated migrations.list Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Add API endpoint to retrieve posts for a specific view (#35604) Automatic Merge * Apply fixes after merge * Return a more specific error from getting multiple fields * Prevent getting broadcast params on field deletion if not needed * Remove duplicated migration code * Update property conflict code to always use master * Adds nil guard when iterating on property fields * Check that permission level is valid before getting rejected by the database * Validate correctness on TargetID for PSAv2 fields * Avoid PSAv1 using permissions or protected * Fix test data after validation change * Fix flaky search test * Adds more posts for filter use cases to properly test exclusions --------- Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es> Co-authored-by: Alejandro García Montoro <alejandro.garciamontoro@gmail.com> Co-authored-by: Julien Tant <julien@craftyx.fr> Co-authored-by: Mattermost Build <build@mattermost.com> Co-authored-by: Julien Tant <785518+JulienTant@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-27 10:36:35 +01:00
Maria A Nunez	2efee7ec28	Add single-channel guests filter and channel count column to System Console Users (#35517) ... * Add single-channel guests filter and channel count column to System Console Users - Add guest_filter query parameter to Reports API with store-level filtering by guest channel membership count (all, single_channel, multi_channel) - Add channel_count field to user report responses and CSV exports - Add grouped guest role filter options in the filter popover - Add toggleable Channel count column to the users table - Add GuestFilter and SearchTerm to Go client GetUsersForReporting - Add tests: API parsing, API integration, app job dedup, webapp utils, E2E column data rendering Made-with: Cursor * Fix gofmt alignment and isolate guest store tests - Align GuestFilter constants to satisfy gofmt - Move guest user/channel setup into a nested sub-test to avoid breaking existing ordering and role filter assertions Made-with: Cursor * Exclude archived channels from guest filter queries and ChannelCount The ChannelMembers subqueries for guest_filter (single/multi channel) and the ChannelCount column did not join with Channels to check DeleteAt = 0. Since channel archival soft-deletes (sets DeleteAt) but leaves ChannelMembers rows intact, archived channel memberships were incorrectly counted, potentially misclassifying guests between single-channel and multi-channel filters and inflating ChannelCount. - Join ChannelMembers with Channels (DeleteAt = 0) in all three subqueries in applyUserReportFilter and GetUserReport - Add store test covering archived channel exclusion - Tighten existing guest filter test assertions with found-flags and exact count checks Made-with: Cursor * Exclude DM/GM from guest channel counts, validate GuestFilter, fix dropdown divider - Scope ChannelCount and guest filter subqueries to Open/Private channel types only (exclude DM and GM), so a guest with one team channel plus a DM is correctly classified as single-channel - Add GuestFilter validation in UserReportOptions.IsValid with AllowedGuestFilters whitelist - Add API test for invalid guest_filter rejection (400) - Add store regression test for DM/GM exclusion - Fix role filter dropdown: hide the divider above the first group heading via CSS rule on DropDown__group:first-child - Update E2E test label to match "Guests in a single channel" wording Made-with: Cursor * Add store test coverage for private and GM channel types Private channels (type P) should be counted in ChannelCount and guest filters, while GM channels (type G) should not. Add a test that creates a guest with memberships in an open channel, a private channel, and a GM, then asserts ChannelCount = 2, multi-channel filter includes the guest, and single-channel filter excludes them. Made-with: Cursor * Add server i18n translation for invalid_guest_filter error The new error ID model.user_report_options.is_valid.invalid_guest_filter was missing from server/i18n/en.json, causing CI to fail. Made-with: Cursor * Make filter dropdown dividers full width Remove the horizontal inset from grouped dropdown separators so the system user role filter dividers span edge to edge across the menu. Leave the unrelated webapp/package-lock.json change uncommitted. Made-with: Cursor * Optimize guest channel report filters. Use per-user channel count subqueries for the single- and multi-channel guest filters so the report avoids aggregating all channel memberships before filtering guests.	2026-03-12 12:50:53 -04:00
Harshil Sharma	52858082fe	Anonymous URLs (#35493) ... * COmposing messages with redacted URLs * Handled non member channels * Some refinements * Optimizations * lint fixes * cleaned up hasObfuscatedSlug test * Fixed a test * Added system console setting * WIP * fixed channel seelection double selection bug * LInt fixes * i18n fixes * fixed test * CI * renamed setting * lint fixes * lint fixes * WIP * Combined TeamSignupDisplayNamePage and TeamUrl component into a single CreateTeamForm component * Converted CreateTeamForm to functional component * Refactored to mnake code cleaner * Handle team creation with setting enabled * Skipped team URL step if secure URL feature is enabled * Managed button text and steps in team creation flow * lint fixes * Don't register team URL path when using secure URL * Display team display name instead of name in system console top nav bar * Fixed tests * Fixed coderabbit issues * Fixed type errors * Optimization * improvements * Handled API errors during team creation when using secure URL setting * Some refinements * Added test * Updaetd tests, and trimming when reading instead of writing * Added tests for new components * Added BackstageNavbar tests * Restored package lock * lint fix * Updaetd plugin API * Updated team creation tests * Added tests for ChannelNameFormField * Added plugin API tests * Updated API terst * Review fixes * Added test for ConvertGmToChannelModal component * Added EA license check for secure urls feature * restored package lock * Fixed GM conversion test * Fixed team creation tests * remove message composition changes * remove message composition changes * remove message composition changes * restored a file * lint fix * renamed feature * used model.SafeDereference * Added E2E tests * add secure URL Playwright coverage Expand the secure URLs Playwright coverage to validate creation, routing, rename flows, system console configuration, and search/navigation behavior while adding the page objects needed to keep the tests maintainable. Made-with: Cursor * rename secure URLs copy to anonymous URLs Align the admin console and Playwright coverage with the Anonymous URLs feature name while preserving the existing UseAnonymousURLs config behavior and validating the renamed test surfaces. Made-with: Cursor * Update team creation CTA for anonymous URLs Show Create in the single-step anonymous URL flow while preserving Next and Finish in the standard team creation flow. Update unit and Playwright coverage to match the revised create-team UX. Made-with: Cursor --------- Co-authored-by: maria.nunez <maria.nunez@mattermost.com> Co-authored-by: Mattermost Build <build@mattermost.com>	2026-03-12 10:32:29 -04:00
Maria A Nunez	461db71178	Add single-channel guest tracking and reporting (#35451) ... * Add single-channel guest tracking and reporting - Add AnalyticsGetSingleChannelGuestCount store method to count guests in exactly one channel - Exclude single-channel guests from active user seat count in GetServerLimits - Add single-channel guest count to standard analytics response - Add Single-channel Guests card to System Statistics page with overage warning - Add Single-channel guests row to Edition and License page with overage styling - Add dismissible admin-only banner when single-channel guest limit is exceeded - Gate feature behind non-Entry SKU and guest accounts enabled checks - Re-fetch server limits on config changes for reactive UI updates - Fix label alignment in license details panel Made-with: Cursor * Refine single-channel guest tracking - Remove license GuestAccounts feature check from shouldTrackSingleChannelGuests (only config matters) - Re-add getServerLimits calls on page mount for fresh data - Remove config-change reactivity code (componentDidUpdate, useEffect) - Add server i18n translations for error strings - Sync webapp i18n via extract - Add inline comments for business logic - Restore struct field comments in ServerLimits model - Add Playwright E2E tests for single-channel guest feature - Fix label alignment in license details panel Made-with: Cursor * Guests over limit fixes and PR feedback * Fix linter issues and code quality improvements - Use max() builtin to clamp adjusted user count instead of if-statement (modernize linter) - Change banner type from ADVISOR to CRITICAL for proper red color styling Made-with: Cursor * Fix overage warnings incorrectly counting single-channel guests Single-channel guests are free and should not trigger license seat overage warnings. Update all overage checks to use serverLimits.activeUserCount (seat-adjusted, excluding SCG) instead of the raw total_users_count or TOTAL_USERS analytics stat. - UserSeatAlertBanner on License page: use serverLimits.activeUserCount - UserSeatAlertBanner on Site Statistics page: use serverLimits.activeUserCount - ActivatedUserCard display and overage check: use serverLimits.activeUserCount - OverageUsersBanner: use serverLimits.activeUserCount Made-with: Cursor * Use license.Users as fallback for singleChannelGuestLimit before limits load This prevents the SingleChannelGuestsCard from showing a false overage state before serverLimits has been fetched, while still rendering the card immediately on page load. Made-with: Cursor * Fix invite modal overage banner incorrectly counting single-channel guests Made-with: Cursor * Fix invitation modal tests missing limits entity in mock state Made-with: Cursor * Fix tests * Add E2E test for single-channel guest exceeded limit scenario Made-with: Cursor * Fix TypeScript errors in single channel guests E2E test Made-with: Cursor * Fix channel name validation error caused by unawaited async getRandomId() Made-with: Cursor * Add contextual tooltips to stat cards when guest accounts are enabled Made-with: Cursor * Code review feedback: query builder, readability, tooltips, and alignment fixes Made-with: Cursor * Fix license page tooltip alignment, width, and SaveLicense SCG exclusion Made-with: Cursor * Fix banner dismiss, license spacing, and add dismiss test Made-with: Cursor * Exclude DM/GM channels from single-channel guest count and fix E2E tests Filter the AnalyticsGetSingleChannelGuestCount query to only count memberships in public/private channels, excluding DMs and GMs. Update store tests with DM-only, GM-only, and mixed membership cases. Fix E2E overage test to mock the server limits API instead of skipping, and correct banner locator to use data-testid. Made-with: Cursor	2026-03-10 10:31:10 -04:00
Harrison Healey	6397fd5971	Update web app package versions to 11.6.0 (#35536)	2026-03-10 10:26:28 -04:00
Christopher Poile	2ada8d7659	MM-67540 - Allow searching public channel messages without channel membership (#35298) ... * UpdateByQuery methods for channel_type; rewrite reindexChannelPosts log pre-fetch error in channel Update and upgrade reindexChannelPosts to error level * add backfill orchestration, config listener, webapp toggle changes fix misleading backfill complete log when SaveOrUpdate fails * add integration & unit tests for public channel search and backfill * fix nil pointer dereference on UpdateByQuery response and log partial failures * add tests for compliance mode override and P channel post leakage * update system console snapshots * add instructions to error message * improve compliance-mode test * getAllChannels doesn't filter by O/S, need to do ourselves * in search, load channel info for channels we're not a member of * blank commit -- something is wrong with github, maybe this will help * improve channelType passing; error msg; simplify settings naming * debug logging for timing backfill and channel change; TO BE REVERTED * fix getMissingChannelsFromFiles in search as well * blank commit	2026-03-09 14:07:44 -04:00
Devin Binnie	885ebdd4f1	[MM-67425] Add an unsupported Desktop App setting and screen for users (#35382) ... * [MM-67425] Add an unsupported Desktop App setting and screen for users * Remove console.log statements * Fix e2e test config * Add e2e test * PR feedback * Update server/channels/web/static.go Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * PR feedback * Fix i18n * PR feedback * PR feedback * PR feedback * Gofmt --------- Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>	2026-03-04 15:16:11 +00:00
Miguel de la Cruz	062abe90bd	Includes deleted remote cluster infos to correctly show shared user information (#35192) ... * Includes deleted remote cluster infos to correctly show shared user information * Addressing review comments --------- Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es> Co-authored-by: Mattermost Build <build@mattermost.com>	2026-03-04 14:46:10 +01:00