* feat: filewillbedonwloaded hook
* feat: error popup
* chore: make generated pluginapi
* tests
* feat: different errors for different download types
* feat: allow toast positions
* fix: avoid using deprecated i18n function
* feat: add plugin API to show toasts
* feat: downloadType parameter
* tests: updated tests
* chore: make check-style
* chore: i18n
* chore: missing fields in tests
* chore: sorted i18n for webapp
* chore: run mmjstool
* test: fixed webapp tests with new changes
* test: missing mocks
* fix: ensure one-file attachments (previews) are handler properly as thumbnails
* chore: lint
* test: added new logic to tests
* chore: lint
* Add SendToastMessage API and FileWillBeDownloaded hook
- Introduced SendToastMessage method for sending toast notifications to users with customizable options.
- Added FileWillBeDownloaded hook to handle file download requests, allowing plugins to control access to files.
- Updated related types and constants for file download handling.
- Enhanced PluginSettings to include HookTimeoutSeconds for better timeout management.
* Update webapp/channels/src/components/single_image_view/single_image_view.tsx
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* chore: copilot reviews
* test: head requests
* chore: linted the webapp
* tests: fixed path
* test: fixed mocked args
* allow sending message to a connection directly
* fix: hook thread safety
* chore: formatting
* chore: remove configuration from system console
* chore: release version
* chore: update signature
* chore: update release version
* chore: addressed comments
* fix: update file rejection handling to use 403 Forbidden status and include rejection reason header
* Fix nil pointer panic in runFileWillBeDownloadedHook
The atomic.Value in runFileWillBeDownloadedHook can be nil if no
plugins implement the FileWillBeDownloaded hook. This causes a panic
when trying to assert the nil interface to string.
This fix adds a nil check before the type assertion, defaulting to
an empty string (which allows the download) when no hooks have run.
Fixes:
- TestUploadDataMultipart/success panic
- TestUploadDataMultipart/resume_success panic
* test: move the logout test last
* chore: restored accidential deletion
* chore: lint
* chore: make generated
* refactor: move websocket events to new package
* chore: go vet
* chore: missing mock
* chore: revert incorrect fmt
* chore: import ordering
* chore: npm i18n-extract
* chore: update constants.tsx from master
* chore: make i18n-extract
* revert: conflict merge
* fix: add missing isFileRejected prop to SingleImageView tests
* fix: mock fetch in SingleImageView tests for async thumbnail check
The component now performs an async fetch to check thumbnail availability
before rendering. Tests need to mock fetch and use waitFor to handle
the async state updates.
* refactor: move hook logic to app layer
* chore: update version to 11.5
* Scope file download rejection toast to the requesting connection
Thread the Connection-Id header through RunFileWillBeDownloadedHook and
sendFileDownloadRejectedEvent so the WebSocket event is sent only to the
connection that initiated the download, instead of all connections for
the user.
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* [MM-61899] Properly restrict users who previously shared a team from DMs/GMs when they no longer share a team.
* Fix checks
* Fix test
* Fix i18n
* Added E2E tests
* Merge'd
* Add restricted DM check to more places
* Merge'd
* Restrict patching the channel (updating the channel)
* Update verbiage in the admin console
* Fix lint
* More tests
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
This commit exposes audit logging functionality to plugins via the plugin API, allowing plugins to create and log audit records. Additionally, it addresses a gob encoding issue that could cause plugin crashes when audit data contains nil pointers or unregistered types.
* poc - wip
* add search files across teams
* eslint
* fix existing tests
* fix webapp style
* fix test
* add api doc
* change initial state in test
* add tests on API
* add tests on file info layer
* fix file search tags
* add rhs reducer test
* reset team selected when the RHS is suppressed
* change css to reflect UI
* fix style
* fix doc wording
* make getSearchTeam return currentTeamId when value is not set
* await is unnecessary
* revert boolean check and add test
* add comment to getSearchTeam to let dev knows it defaults to currentTeam
* remove redundant team check
* simplfy test
* fix style check
---------
Co-authored-by: Caleb Roseland <caleb@calebroseland.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* [MM-58492][MM-58523] Fixed some access control bugs around archived channels by replacing the permission check with HasPermissionToReadChannel
* Fix lint, add ChannelId to uploads
* Fix MMCTL tests and remove unnecessary check for the error message that doesn't work anyways
* Include channel map for getting flagged posts
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* create ChannelBookmarks table
* ChannelBookmark model
* channel bookamrks Store layer
* add GetBookmarksForAllChannelByIdSince
* add channel bookmarks to test store
* Add channel bookmarks to app layer
* remove index for createAt in channel bookmarks migrations
* remove createAt from select channel bookmark query and enable store delete bookmark test
* update reponse of UpdateBookmark
* rename db migration files
* channel bookmarks store update sort order
* channel bookmarks app layer update sort order
* fix lint & tests
* Fix lint and introduce util functions to insert / remove from slice
* remove model etag
* i18n
* defer remove file info after test run
* Fix tests passing the request context
* fix migrations
* fix TestRetry
* Add bookmark permissions (#25560)
* Adds channel bookmarks permissions
* Fix linter
* Remove unnecessary empty lines
* Remove scss change as it's not necessary anymore
* Fix mock store
* Fix mock store and add role entry
* Fix test
* Adds cypress test and update permissions migration to update admin roles
* Adds channel bookmarks roles to default admin roles
* Adds bookmark permissions to default role permissions constant in webapp
* Update mmctl test
* Update permission test after normalising the roles
* fix store tests
* fix app layer tests
* Add new bookmark endpoint (#25624)
* Adds channel bookmarks api scaffold and create endpoint
* Applies review comments to the API docs
* Adds websocket test to create channel bookmark
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* MM-54426 exclude Channel Bookmarks files from data retention (#25656)
* Augment channel APIs to include bookmarks (#25567)
* update files docs for server 9.4
* Adds update channel bookmark endpoint (#25653)
* Adds update channel bookmark sort order endpoint (#25686)
* Adds update channel bookmark endpoint
* Updates edit app method to return the right deleted bookmark and adds tests
* Adds the update channel bookmark sort order endpoint
* Fix repeated test after merge
* Assign right permissions to each test
* Update store and app layer to return specific errors and add tests
* Adds delete channel bookmark endpoint (#25693)
* Updates edit app method to return the right deleted bookmark and adds tests
* Fix repeated test after merge
* Updates edit app method to return the right deleted bookmark and adds tests
* Adds delete channel bookmark endpoint
* Adds list channel bookmarks endpoint (#25700)
* Add channel moderation to bookmarks (#25716)
* fix migrations index
* fix getChannelsForTeamForUser
* fix getChannelsForTeamForUser
* fix bad merge client4
* fix file api with bookmark permission
* add ChannelBookmarks feature flag
* add missing translations
* Set DB column for type as enum
* use custom type for bookmark query using sqlx
* use transaction when saving bookmark
* return NewErrNotFound instead of Sql.ErrNoRows
* use squirrel for IN query
* add a limit of 1K for records in GetBookmarksForAllChannelByIdSince
* UpdateSortOrder with one single query instead of multiple updates
* fix shadow declaration
* fix channel bookmarks permission string definition in admin console
* fix another shadow declaration
* Fix model conversion
* add SplitSliceInChunks
* remove include bookmarks in channels api
* Cap amount of bookmarks per channel
* add etag back to get channels
* feedback review
* update file info when replacing a bookmark file
* return 501 not implemented when the license is not available
* add detail message when getting channel member on bookmark api
* start audit before permission check on create bookmark api
* use require.Eventuallyf for testing WS events
* remove unnecessary log in app layer
* use require instead of assert to avoid panics
* enforce limit when querying bookmarks since
* prevent to create/update bookmark if file is already attached
* fix lint
* delete file when a bookmark is deleted
* Dot allow to set a fileId and a url at the same time to a bookmark
* fix query to delete a file that belongs to a bookmark
* do not patch the bookmark type
* Server side FeatureFlag check (#26145)
* use ff in server, set ff to false
* turn on FF for unit tests
* defer unset FF for unit tests
* turn ff on for testing
* only allow attaching files that were uploaded for bookmark
* Set feature flag off as default
* fix lint
* update email templates as PR failed
* revert templates
* force the assignment of ID when creating a bookmark
* Fix unit tests
---------
Co-authored-by: Miguel de la Cruz <miguel@mcrx.me>
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: Caleb Roseland <caleb@calebroseland.com>
Co-authored-by: Scott Bishel <scott.bishel@mattermost.com>
1. For file endpoints, a recent optimization added the ChannelID column
to be part of the fileinfo table. Therefore, we can skip the postID
and directly use the channelID.
2. For post endpoints, we reorder the sequence of calls such that
we get the channelID first, and use it to check the permission of the channel
rather than query the long way around by joining with the posts table
in the permissions query.
The benefit is that SessionHasPermissionToChannel is cache-backed.
So in the happy path, we save a DB call. Because GetSinglePost anyways
needed to be called.
And in the bad path, we replace it with a more efficient call. Because
SessionHasPermissionToChannel is cache-backed, so effectively we
are replacing SessionHasPermissionToChannelByPost with GetSinglePost.
3. And then for the calls that don't have the channelID available,
we change the implementation itself to get the channelID by querying
the posts table first, and then calling SessionHasPermissionToChannel.
This creates the happy path as mentioned earlier.
While here, we also do some other optimizations:
4. Pre-populate the channelID while saving the reaction, so that
we don't need to query the posts table for every single reaction save.
5. Remove unnecessary goroutine spawning for publishing reaction events,
because anyways those are asynchronous.
https://mattermost.atlassian.net/browse/MM-56877
```release-note
NONE
```
Co-authored-by: Mattermost Build <build@mattermost.com>
* POC for API handler opts modifier
* Made upload POSt api a file upload API
* Specified file upload local API
* Specified file upload local API
* Specified file upload API
* Simplified handler params
* Added basic security checks
* Fixed i18n
* used type for API handler options
* Removed limited reader from util deserializers (#26263)
* Revert "POC: Cross-team recent search (#20027)"
This reverts commit aa59c28b04, preserving
a few code tidyings unrelated to the original PR.
* Revert "Add feature flag for command palette (#20011)"
This reverts commit c78c5ce3f3.
It was a good decision in hindsight to keep the public module as 0.x
because this would have been a breaking change again.
https://mattermost.atlassian.net/browse/MM-53032
```release-note
Changed the Go module path from github.com/mattermost/mattermost-server/server/v8 to github.com/mattermost/mattermost/server/v8.
For the public facing module, it's path is also changed from github.com/mattermost/mattermost-server/server/public to github.com/mattermost/mattermost/server/public
```
https://mattermost.atlassian.net/browse/MM-52079
```release-note
We upgrade the module version to 8.0. The new module path is github.com/mattermost-server/server/v8.
```
Co-authored-by: Doug Lauder <wiggin77@warpmail.net>
