334 commits

Author	SHA1	Message	Date
Jesse Hallam	07ba32e849	MM-62151 avoid select * for post store (#34709) ... * fix SELECT * in user_store.go * MM-62151: Avoid SELECT * in post store SQL queries Replace all SELECT * patterns in post_store.go with explicit column specifications using postSliceColumns() and postSliceColumnsWithName() helper functions. This prevents unnecessary data transfer and protects against schema changes. Changes: - Use Squirrel's .Column() method for cleaner query building - Remove unqueryvet linter exception for post_store.go - Fix 11 SELECT * occurrences in various query methods * leverage postsQuery where we can * more builder simplifications * add noSelectStar to linter --------- Co-authored-by: Mattermost Build <build@mattermost.com>	2026-01-09 18:23:16 +00:00
Ibrahim Serdar Acikgoz	1c68d36a03	Filter burn on read posts from search results (#34747)	2025-12-17 16:23:26 +01:00
Jesse Hallam	6ef73af2cc	MM-65960: Avoid replica race lag when accessing TelemetryID (#34586) ... * avoid replica race lag when remembering ServerID In an HA environment, with a master and read replica, querying the server id from the store runs the risk of returning a value saved to master but not yet replicated. Avoid this by using the telemetry service value directly when available. Fixes: MM-65960 * Add Get(ByName)WithContext * explicitly use master for ServerId * mock GetByNameWithContext * more mocking * more mocks	2025-12-11 17:34:36 -04:00
Ibrahim Serdar Acikgoz	084006c0ea	[MM-61758] Burn on read feature (#34703) ... * Add read receipt store for burn on read message types * update mocks * fix invalidation target * have consistent case on index creation * Add temporary posts table * add mock * add transaction support * reflect review comments * wip: Add reveal endpoint * user check error id instead * wip: Add ws events and cleanup for burn on read posts * add burn endpoint for explicitly burning messages * add translations * Added logic to associate files of BoR post with the post * Added test * fixes * disable pinning posts and review comments * MM-66594 - Burn on read UI integration (#34647) * MM-66244 - add BoR visual components to message editor * MM-66246 - BoR visual indicator for sender and receiver * MM-66607 - bor - add timer countdown and autodeletion * add the system console max time to live config * use the max expire at and create global scheduler to register bor messages * use seconds for BoR config values in BE * implement the read by text shown in the tooltip logic * unestack the posts from same receiver and BoR and fix styling * avoid opening reply RHS * remove unused dispatchers * persis the BoR label in the drafts * move expiration value to metadata * adjust unit tests to metadata insted of props * code clean up and some performance improvements; add period grace for deletion too * adjust migration serie number * hide bor messages when config is off * performance improvements on post component and code clean up * keep bor existing post functionality if config is disabled * Add read receipt store for burn on read message types * Add temporary posts table * add transaction support * reflect review comments * wip: Add reveal endpoint * user check error id instead * wip: Add ws events and cleanup for burn on read posts * avoid reacting to unrevealed bor messages * adjust migration number * Add read receipt store for burn on read message types * have consistent case on index creation * Add temporary posts table * add mock * add transaction support * reflect review comments * wip: Add reveal endpoint * user check error id instead * wip: Add ws events and cleanup for burn on read posts * add burn endpoint for explicitly burning messages * adjust post reveal and type with backend changes * use real config values, adjust icon usage and style * adjust the delete from from sender and receiver * improve self deleting logic by placing in badge, use burn endpoint * adjust websocket events handling for the read by sender label information * adjust styling for concealed and error state * update burn-on-read post event handling for improved recipient tracking and multi-device sync * replace burn_on_read with type in database migrations and model * remove burn_on_read metadata from PostMetadata and related structures * Added logic to associate files of BoR post with the post * Added test * adjust migration name and fix linter * Add read receipt store for burn on read message types * update mocks * have consistent case on index creation * Add temporary posts table * add mock * add transaction support * reflect review comments * wip: Add reveal endpoint * user check error id instead * wip: Add ws events and cleanup for burn on read posts * add burn endpoint for explicitly burning messages * Added logic to associate files of BoR post with the post * Added test * disable pinning posts and review comments * show attachment on bor reveal * remove unused translation * Enhance burn-on-read post handling and refine previous post ID retrieval logic * adjust the returning chunk to work with bor messages * read temp post from master db * read from master * show the copy link button to the sender * revert unnecessary check * restore correct json tag * remove unused error handling and clarify burn-on-read comment * improve type safety and use proper selectors * eliminate code duplication in deletion handler * optimize performance and add documentation * delete bor message for sender once all receivers reveal it * add burn on read to scheduled posts * add feature enable check * use master to avoid all read recipients race condition --------- Co-authored-by: Mattermost Build <build@mattermost.com> Co-authored-by: Ibrahim Serdar Acikgoz <serdaracikgoz86@gmail.com> Co-authored-by: Harshil Sharma <harshilsharma63@gmail.com> * squash migrations into single file * add configuration for the scheduler * don't run messagehasbeenposted hook * remove parallel tests on burn on read * add clean up for closing opened modals from previous tests * simplify delete menu item rendering * add cleanup step to close open modals after each test to prevent pollution * streamline delete button visibility logic for Burn on Read posts * improve reliability of closing post menu and modals by using body ESC key --------- Co-authored-by: Harshil Sharma <harshilsharma63@gmail.com> Co-authored-by: Pablo Vélez <pablovv2012@gmail.com> Co-authored-by: Mattermost Build <build@mattermost.com>	2025-12-11 07:59:50 +01:00
Nick Misasi	5777dcd254	Fix issues with access_control_policies/search endpoint functionality and docs (#34564) ... * Fix issues with access_control_policies/search endpoint functionality and docs * Undo	2025-11-25 14:04:14 -05:00
Elias Nahum	1022cd44c0	MM-65756 Database Migrations, Indexes and Methods for Auto-Translation (#34047) ... * AutoTranslate config settings * comment out Agents provider * Add auto translate timeout config validation * i18n messages for autotranslation config validation * fix test * validate url for libreTranslate * Feedback review * Admin Console UI for Auto-Translation * fix admin console conditional section display * i18n * removed unintentional change Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * update admin.general.localization.autoTranslateProviderDescription newline * fix lint * Fix types * UX feedback review * fix typo in i18n * Fix AutoTranslation feature flag * feedback review * Fix test default values * feedback review * re-add isHidden property to feature discovery * Database Migrations, Indexes and Methods for Auto-Translation * i18n * fix retrylayer and storetest * Fix search query * fix lint * remove the request.CTX and modify Translation model * fix lint and external url * Add settings to playwright * Add empty as a valid value for the Provider * Update jsonb queries * Fix queries and add model methods * fix go lint * go lint fix 2 * fix db migrations * feedback review + store cache * increase migration number * cleanup autotranslation store cache * use NULL as objectType for posts * fix bad merge * fix tests * add missing i18n * Switch prop bags column to boolean * fix lint * fix tests * Remove database search * use Builder methods --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: BenCookie95 <benkcooke@gmail.com>	2025-11-22 09:32:01 +08:00
Rahim Rahman	edb05c7ea5	Magic link (passwordless) authentication for guests (#34264) ... * Add EasyLogin configuration (#34217) * add easy login config * add easy login to the invite modal * add to the query parameters * Add an API to get login method for the login id (#34223) * add an api to get login method for the login id * do not return errors if user is not found * Add support for Easy Login invitation link sending (#34224) This generates Easy Login token types when requested. The server doesn't do anything with these tokens, yet - that will come in a future change. * Add support for logging in with easy login (#34236) * Fix E2E tests (#34240) * Prevent easy login accounts to reset their password (#34262) * Add easy login support to login api and limit token to 5 min (#34259) * webapp easy login ui mods (#34237) * webapp easy login ui mods * easy login i18n * lint issues * getUserLoginType * using the real API * easylogin proper redirect * remove unneeded functions and files * duplicated localization * remove easylogin * using EnableEasyLogin setting * localization fix * fix lint issue * remove excessive setIsWaiting * changed logic to make it more readable * renaming component to make easier editable * password will disappear when username change * login test * text for easy login password * Add app links to emails * Update templates and always land in the landing screen * Update svg image, improve checks on server, fix linking page and show deactivated on login type * Update naming * Fix mocks and imports * Remove all sessions on disable and forbid user promotion * Fix layer and tests * Address feedback * Fix tests * Fix missing string * Fix texts * Fix tests * Fix constant name * Fix tests * Fix test * Address feedback * Fix lint * Fix test * Address feedback * Fix test --------- Co-authored-by: Ibrahim Serdar Acikgoz <serdaracikgoz86@gmail.com> Co-authored-by: David Krauser <david@krauser.org> Co-authored-by: Daniel Espino <larkox@gmail.com> Co-authored-by: Mattermost Build <build@mattermost.com>	2025-11-20 14:06:23 +01:00
Carlos Garcia	4ba7f7e16e	MM-66202: Migrate to aws-sdk-go-v2 (#34496) ... * updated aws-sdk dependency to aws-sdk-go-v2 * simplify error handling in case of timeout errors --------- Co-authored-by: Mattermost Build <build@mattermost.com>	2025-11-20 11:26:09 +01:00
Ibrahim Serdar Acikgoz	fc93ede640	[MM-65956] Tweak auto add to make it consistent with child policies (#33990)	2025-11-19 20:18:45 +00:00
Scott Bishel	b1338853a1	Add cursor-based Posts Reporting API for compliance and auditing (#34252) ... * Add cursor-based Posts Reporting API for compliance and auditing Implements a new admin-only endpoint for retrieving posts with efficient cursor-based pagination, designed for compliance, auditing, and archival workflows. Key Features: - Cursor-based pagination using composite (time, ID) keys for consistent performance regardless of dataset size (~10ms per page at any depth) - Flexible time range queries with optional upper/lower bounds - Support for both create_at and update_at time fields - Ascending or descending sort order - Optional metadata enrichment (files, reactions, acknowledgements) - System admin only access (requires manage_system permission) - License enforcement for compliance features API Endpoint: POST /api/v4/reports/posts - Request: JSON body with channel_id, cursor_time, cursor_id, and options - Response: Posts map + next_cursor object (null when pagination complete) - Max page size: 1000 posts per request (MaxReportingPerPage constant) Implementation: - Store Layer: Direct SQL queries with composite index on (ChannelId, CreateAt, Id) - App Layer: Permission checks, optional metadata enrichment, post hooks - API Layer: Parameter validation, system admin enforcement, license checks - Data Model: ReportPostOptions, ReportPostOptionsCursor, ReportPostListResponse Code Quality Improvements: - Added MaxReportingPerPage constant (1000) to eliminate magic numbers - Removed unused StartTime field from ReportPostOptions - Added fmt import for dynamic error messages Testing: - 14 comprehensive store layer unit tests - 12 API layer integration tests covering permissions, pagination, filters - All tests passing Documentation: - POSTS_REPORTING.md: Developer reference with Go structs and usage examples - POSTS_REPORTING_API_SPEC.md: Complete technical specification - GET_POSTS_API_IMPROVEMENTS.md: Implementation analysis and design rationale - POSTS_TIME_RANGE_FEATURE.md: Archived time range feature for future use Performance: Cursor-based pagination maintains consistent ~10ms query time at any dataset depth, compared to offset-based pagination which degrades significantly (Page 1 = 10ms, Page 1000 = 10 seconds). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * lint fixes * lint fixes * gofmt * i18n-extract * Add Enterprise license requirement to posts reporting API Enforce Enterprise license (tier 20+) for the new posts reporting endpoint to align with compliance feature licensing. Professional tier is insufficient. Changes: - Add MinimumEnterpriseLicense check in GetPostsForReporting app layer - Add test coverage for license validation (no license and Professional tier) All existing tests pass with new license enforcement. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * i18n-extract * add licensing to api documentation * Test SSH signing * Add mmctl command for posts reporting API Adds mmctl report posts command to retrieve posts from a channel for administrative reporting purposes. Supports cursor-based pagination with configurable sorting, filtering, and time range options. Includes database migration for updateat+id index to support efficient cursor-based queries when sorting by update_at. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * Refactor posts reporting API cursor to opaque token and improve layer separation This addresses code review feedback by transforming the cursor from exposed fields to an opaque token and improving architectural layer separation. **Key Changes:** 1. **Opaque Cursor Implementation** - Transform cursor from split fields (cursor_time, cursor_id) to single opaque base64-encoded string - Cursor now self-contained with all query parameters embedded - When cursor provided, embedded parameters take precedence over request body - Clients treat cursor as opaque token and pass unchanged 2. **Field Naming** - Rename ExcludeChannelMetadataSystemPosts → ExcludeSystemPosts - Now excludes ALL system posts (any type starting with "system_") - Clearer and more consistent naming 3. **Layer Separation** - Move cursor decoding from store layer to model layer - Create ReportPostQueryParams struct for resolved parameters - Store layer receives pre-resolved parameters (no business logic) - Add ResolveReportPostQueryParams() function in model layer 4. **Code Quality** - Add type-safe constants (ReportingTimeFieldCreateAt, ReportingSortDirectionAsc, etc.) - Replace magic number 9223372036854775807 with math.MaxInt64 - Remove debug SQL logging (info disclosure risk) - Update mmctl to use constants and fix NextCursor pointer access 5. **Tests** - Update all 17 store test calls to use new resolution pattern - Add comprehensive test for DESC + end_time boundary behavior 6. **API Documentation** - Update OpenAPI spec to reflect opaque cursor format - Update all request/response examples - Clarify end_time behavior with sort directions **Files Changed:** - Model layer: public/model/post.go - App layer: channels/app/report.go - Store layer: channels/store/store.go, channels/store/sqlstore/post_store.go - Tests: channels/store/storetest/post_store.go - Mocks: channels/store/storetest/mocks/PostStore.go - API: channels/api4/report.go, channels/api4/report_test.go - mmctl: cmd/mmctl/commands/report.go - Docs: api/v4/source/reports.yaml 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * Fix unhandled parse errors in cursor decoding Address security finding: cursor decoding was silently ignoring parse errors from strconv functions, which could lead to unexpected behavior when malformed cursors are provided. Changes: - Add explicit error handling for strconv.Atoi (version parsing) - Add explicit error handling for strconv.ParseBool (includeDeleted, excludeSystemPosts) - Add explicit error handling for strconv.ParseInt (timestamp parsing) - Return clear error messages indicating which field failed to parse This prevents silent failures where malformed values would default to zero-values (0, false) and potentially alter query behavior without warning. Addresses DryRun Security finding: "Unhandled Errors in Cursor Parsing" 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * Fix linting issues - Remove unused reportPostCursorV1 struct (unused) - Remove obsolete +build comment (buildtag) - Use maps.Copy instead of manual loop (mapsloop) - Modernize for loop with range over int (rangeint) - Apply gofmt formatting 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * Fix gofmt formatting issues Fix alignment in struct literals and constant declarations: - Align map keys in report_test.go request bodies - Align struct fields in ReportPostOptions initialization - Align reporting constant declarations 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * Update mmctl tests for opaque cursor and add i18n translations Update report_test.go to align with the refactored Posts Reporting API: - Replace split cursor flags (cursor-time, cursor-id) with single opaque cursor flag - Update field name: ExcludeChannelMetadataSystemPosts → ExcludeSystemPosts - Update all mock expectations to use new ReportPostOptionsCursor structure - Replace test cursor values with base64-encoded opaque cursor strings Add English translations for cursor decoding error messages in i18n/en.json. Minor API documentation fix in reports.yaml (remove "all" from description). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * Update mmctl tests for opaque cursor and add i18n translations Update report_test.go to align with the refactored Posts Reporting API: - Replace split cursor flags (cursor-time, cursor-id) with single opaque cursor flag - Update field name: ExcludeChannelMetadataSystemPosts → ExcludeSystemPosts - Update all mock expectations to use new ReportPostOptionsCursor structure - Replace test cursor values with base64-encoded opaque cursor strings Add English translations for cursor decoding error messages in i18n/en.json. Minor API documentation fix in reports.yaml (remove "all" from description). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * more lint fixes * remove index update files * Remove end_time parameter from Posts Reporting API Align with other cursor-based APIs in the codebase by removing the end_time parameter. The caller now controls when to stop pagination by simply not making another request, which is the same pattern used by GetPostsSinceForSync, MessageExport, and GetPostsBatchForIndexing. Changes: - Remove EndTime field from ReportPostOptions and ReportPostQueryParams - Remove EndTime filtering logic from store layer - Remove tests that used end_time parameter 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * Refactor posts reporting API for security and validation Address security review feedback by consolidating parameter resolution and validation in the API layer, with comprehensive validation of all cursor fields to prevent SQL injection and invalid queries. Changes: - Move parameter resolution from model to API layer for clearer separation - Add ReportPostQueryParams.Validate() with inline validation for all fields - Validate ChannelId, TimeField, SortDirection, and CursorId format - Add start_time parameter for time-bounded queries - Cap per_page at 100-1000 instead of rejecting invalid values - Export DecodeReportPostCursorV1() for API layer use - Simplify app layer to receive pre-validated parameters - Check channel existence when results are empty (better error messages) Testing: - Add 10 model tests for validation and malformed cursor scenarios - Add 4 API tests for cursors with invalid field values - Refactor 13 store tests to use buildReportPostQueryParams() helper - All 31 tests pass Documentation: - Update OpenAPI spec with start_time, remove unused end_time - Update markdown docs with start_time examples Security improvements: - Whitelist validation prevents SQL injection in TimeField/SortDirection - Format validation ensures ChannelId and CursorId are valid IDs - Single validation point for both cursor and options paths - Defense in depth: validation + parameterized queries + store layer whitelist 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * Improve posts reporting query efficiency and safety Replace SELECT * and nested OR/AND conditions with explicit column selection and PostgreSQL row value comparison for better performance and maintainability. Changes: - Use postSliceColumns() instead of SELECT * for explicit column selection - Replace Squirrel OR/AND with row value comparison: (timeField, Id) > (?, ?) - Use fmt.Sprintf for safer string formatting in WHERE clause Query improvements: Before: WHERE (CreateAt > ?) OR (CreateAt = ? AND Id > ?) After: WHERE (CreateAt, Id) > (?, ?) Benefits: - Explicit column selection prevents issues if table schema changes - Row value comparison is more concise and better optimized by PostgreSQL - Follows existing patterns in post_store.go (postSliceColumns) - Standard SQL:2003 syntax 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * Change posts reporting response from map to ordered array Replace the Posts map with an ordered array to preserve query sort order and provide a more natural API response for sequential processing. Changes: - ReportPostListResponse.Posts: map[string]*Post → []*Post - Store layer returns posts array directly (already sorted by query) - App layer iterates by index for metadata enrichment - Remove applyPostsWillBeConsumedHook call (not applicable to reporting) - Update API tests to iterate arrays instead of map lookups - Update store tests to convert array to map for deduplication checks - Remove unused "maps" import Benefits: - Preserves query sort order (ASC/DESC, create_at/update_at) - More natural for sequential processing/export workflows - Simpler response structure for reporting/compliance use cases - Aligns with message export/compliance patterns (no plugin hooks) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * Fix linting issues in posts reporting tests Replace inefficient loops with append(...) for better performance. Changes: - Use append(postSlice, result.Posts...) instead of loop - Simplifies code and follows staticcheck recommendations 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * Fix store test AppError nil checking Use require.Nil instead of require.NoError for *AppError returns to avoid Go interface nil pointer issues. When DecodeReportPostCursorV1 returns nil *AppError and it's assigned to error interface, the interface becomes non-nil even though the pointer is nil. This causes require.NoError to fail incorrectly. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: Mattermost Build <build@mattermost.com>	2025-11-17 09:02:19 -07:00
Ibrahim Serdar Acikgoz	c5fa7a7e52	access_control_policy_store: fix an issue with paging where results are not sorted (#34400)	2025-11-17 15:42:49 +01:00
Ben Cooke	3aad6b0448	Add support for resource parameter with OAuth (#33743)	2025-11-11 15:24:42 -05:00
Ben Cooke	a79ac96b50	OAuth public client support through DCR and PKCE support for public/confidential clients (#33664) ... * public client support along with PKCE for public/confidential clients --------- Co-authored-by: Mattermost Build <build@mattermost.com>	2025-11-11 17:43:37 +00:00
Ben Cooke	a9c9953439	Authorization metadata endpoint and Dynamic Client Registration of Confidential OAuth Apps (#33642) ... * initial DCR and metadata implementation * check for duplicate registrations * tests and other cleanup * dcr fixes * tidy up unused DCR fields * remove initial access token support * remove duplicate client checks * remove unused store function * remove restrictive redirect url checks * create some constants for endpoints * surface support for implicit grant and add system console setting * fix frontend issues with DCR clients * rate limiting the DCR endpoint * lint * lint and cleanup * remove storage of grants, responses and methods. Just enforce in the code * fix lint and tests * docs and test * accidentally removed comments * fix mock * translations * do not advertise public client capability * validate supplied token_endpoint_auth_method * fix pr comments * updates * add metadata endpoint to docs * add definition * lint * fix client4 * fix client methods * fix client again --------- Co-authored-by: Mattermost Build <build@mattermost.com>	2025-11-11 14:27:18 +00:00
Ben Schumacher	549be3d2b1	Remove context.Context from Store (#34413)	2025-11-07 08:41:43 +01:00
Ben Schumacher	892a7c9c69	Use golangci-lints's build-in modernize linter (#34341)	2025-11-04 12:09:11 +01:00
Harshil Sharma	519fb5faf0	Content flagging thread fixes (#34162) ... * created new API to fetch flagged posts * lint fix * Added new client methods * test: add comprehensive tests for content flagging APIs * Added new API tests * fixed openapi spec * Fixed DataSpillageReport tests * Fixed PostMarkdown test * Fixed PostPreviewPropertyRenderer test * Added metadata to card renderer * test fixes * Added no comment placeholder * Added view detail button * Created RemoveFlaggedMessageConfirmationModal modal * Added key and remove flag request modal * IMplemented delete flagged post * Handled edge cases of deleting flagged post * keep message * UI integration * Added WS event for post report update and handled deleted files of flagged post * Added error handling in keep/remove forms * i18n fixes * Fixed test * Updated OpenAPI specs * fixed types * fixed types * refactoring * refactor: improve test mocking for data spillage report component * test mock updates * Fixed tests * Updated reducer * not resetting mocks * Added migrations for content flagging tables * Created new structure * review fixes * Used correct ot name * WIP * review fixes * review fixes * Added new property translations * CI * CI * CI * Improved test * fixed test * CI * New UI component * WIP * Updated settings APIs * cached DB data * used cached reviewer data * Updated tests * Lint fixes * test: add tests for saveContentFlaggingSettings and getContentFlaggingSettings APIs * test fix * test: add tests for SaveContentFlaggingConfig and GetContentFlaggingConfigReviewerIDs * Updated tests * test: add content flagging test for local cache layer * test: add comprehensive tests for content flagging store cache * Updated tests * lint fix * Updated mobile text * Added content flagging SQL store mocks * Added API specs for new APIs * fixed tests * feat: add TestContentFlaggingStore function for content flagging store testing * feat: add comprehensive tests for content flagging store * Added SQL store tests * test: add content flagging test for local cache layer * test: add tests for content flagging store caching * Added cache layer tests * Updated tests * Fixed * Handled JSON error * fixes * fixes * Fixed retry layer test * fixerdf i18n * Fixed test * CI * building index concurrently * CI * fixed a test * CI * cleanup * Implemented reviewer search API * feat: add tests for SearchCommonContentFlaggingReviewers and SearchTeamContentFlaggingReviewers * Added store tests * test: add comprehensive tests for SearchReviewers function * feat: add comprehensive tests for searchReviewers endpoint * API tests * Integrate flag post api (#33798) * WIP * WIP * Added API call * test: add test for Client4.flagPost API call in FlagPostModal * fix: remove userEvent.setup() from flag post modal test * test: wrap submit button click in act for proper state updates * Updated tests * lint fix * CI * Updated to allow special characters in comments * Handled empty comment * Used finally * CI * Fixed test * Spillage card integration (#33832) * Created getContentFlaggingFields API * created getPostPropertyValues API * WIP * Created useContentFlaggingFields hook * WIP * WIP * Added option to retain data for reviewers * Displayed deleted post's preview * DIsplayed all properties * Adding field name i18n * WIP - managing i18n able texts * Finished displaying all fields * Manual cleanup * lint fixes * team role filter logic fix * Fixed tests * created new API to fetch flagged posts * lint fix * Added new client methods * test: add comprehensive tests for content flagging APIs * Added new API tests * fixed openapi spec * Fixed DataSpillageReport tests * Fixed PostMarkdown test * Fixed PostPreviewPropertyRenderer test * Added metadata to card renderer * test fixes * Added no comment placeholder * Fixed test * refactor: improve test mocking for data spillage report component * test mock updates * Updated reducer * not resetting mocks * WIP * review fixes * CI * Fixed * fixes * Content flagging actions implementation (#33852) * Added view detail button * Created RemoveFlaggedMessageConfirmationModal modal * Added key and remove flag request modal * IMplemented delete flagged post * Handled edge cases of deleting flagged post * keep message * UI integration * Added WS event for post report update and handled deleted files of flagged post * Added error handling in keep/remove forms * i18n fixes * Updated OpenAPI specs * fixed types * fixed types * refactoring * Fixed tests * review fixes * Added new property translations * Improved test * fixed test * CI * fixes * CI * fixed a test * fixed abad commit * CI * WIP * IMplemented assign reviewer API * Display reviewers * Review fixes * UI integration * lint fix * Added API docs * test: add comprehensive tests for assignFlaggedPostReviewer function * test: add comprehensive tests for AssignFlaggedPostReviewer * Added tests * Fixed test * Sequential tests * minor improvemenmts * WIP * Added keep/delete message notifications * refactor: update AssignFlaggedPostReviewer method signature to include context * test: add tests for getReviewerPostsForFlaggedPost and postReviewerMessage * lint fixes * handled reviewer updates * Handled preference * Implemented notifications * test: add comprehensive tests for content flagging notification functions * refactor: Replace th.UpdateConfig with SaveContentFlaggingConfig in tests * test: add test case for content flagging with string comparison * refactor: simplify content flagging test config setup * refactor: Update content flagging notification settings types in test cases * refactor: Update content flagging tests to use exact message matching * Added tests * lint fixes * Added new hooks * lint fixes * feat: add API specs for getPostChannel and getPostTeam endpoints * lint fixes * test: add tests for getPostChannel and getPostTeam APIs * Added API tests * test: add empty test files for property card view loaders * test: add comprehensive tests for property card view hooks * refactor: replace waitForNextUpdate with waitFor in test files * Added hook tests * fixed test * review fixes * Fixed a test * Fixed a test * Fixed for default state * lint fixes * migration update * review fixes * Reduced code duplication * Refactored tests to reduce duplication * review fixes * lint fix * WIP * Updated existing APIs instead of creating new API * Lint fix * Added new tests * Fixed a test * Review fixes * WIP * test: add comprehensive tests for sendFlaggedPostRemovalNotification and sendKeepFlaggedPostNotification * Updated tests * review fixes * review fixes * test update * fixed a test * Updated logs * i18n fixes * Restore replies when restoring root post * Finalized the function * Fixed threads issue * Removed unused functions * fixed a test * Refactored to use properties for replies * Updated test * lint fix * Test fix * reverted unintentional refactoring * removed a query change that is no longer used	2025-11-04 13:52:33 +05:30
Angel Mendez	35dd8dea50	GH-16800/AdminRoleGroupsForSyncableMember (#34077) ... * refactor: use builder AdminRoleGroupsForSyncableMember replace plain text query with query builder on function AdminRoleGroupsForSyncableMember * refactor AdminRoleGroupsForSyncableMember query improve query readability	2025-10-28 16:27:07 +00:00
Jesse Hallam	acda1fb5dd	MM-66299: type handling for ConsumeTokenOnce (#34247)	2025-10-22 18:03:33 -03:00
Harshil Sharma	79756ae1e1	Reviewer search api (#34036) ... * Added another property field * WIP * WIP * Added validations * Added data validations and hidden post if confifgured to * lint fixes * Added API spec * Added some tests * Added tests for getContentReviewBot * test: add comprehensive tests for getContentReviewChannels function * Added more app layer tests * Added TestCanFlagPost * test: Add comprehensive tests for FlagPost function * Added all app layer tests * Removed a file that was reamoved downstream * test: add content flagging test file * test: add comprehensive tests for FlagContentRequest.IsValid method * Added model tests * test: add comprehensive tests for SqlPropertyValueStore.CreateMany * test: add comprehensive tests for flagPost() API function * Added API tests * linter fix * WIP * sent post flagging confirmation message * fixed i18n nissues * fixed i18n nissues * CI * WIP * WIP * Added API call * test: add test for Client4.flagPost API call in FlagPostModal * fix: remove userEvent.setup() from flag post modal test * test: wrap submit button click in act for proper state updates * Updated tests * lint fix * Updated test * fix: reset contentFlaggingGroupId for test isolation in content flagging tests * removed cached group ID * removed debug log * CI * Updated to allow special characters in comments * Handled empty comment * Created getContentFlaggingFields API * created getPostPropertyValues API * Used finally * WIP * Created useContentFlaggingFields hook * WIP * WIP * Added option to retain data for reviewers * Displayed deleted post's preview * DIsplayed all properties * Adding field name i18n * WIP - managing i18n able texts * Finished displaying all fields * Manual cleanup * lint fixes * team role filter logic fix * Fixed tests * created new API to fetch flagged posts * lint fix * Added new client methods * test: add comprehensive tests for content flagging APIs * Added new API tests * fixed openapi spec * Fixed DataSpillageReport tests * Fixed PostMarkdown test * Fixed PostPreviewPropertyRenderer test * Added metadata to card renderer * test fixes * Added no comment placeholder * Added view detail button * Created RemoveFlaggedMessageConfirmationModal modal * Added key and remove flag request modal * IMplemented delete flagged post * Handled edge cases of deleting flagged post * keep message * UI integration * Added WS event for post report update and handled deleted files of flagged post * Added error handling in keep/remove forms * i18n fixes * Fixed test * Updated OpenAPI specs * fixed types * fixed types * refactoring * refactor: improve test mocking for data spillage report component * test mock updates * Fixed tests * Updated reducer * not resetting mocks * Added migrations for content flagging tables * Created new structure * review fixes * Used correct ot name * WIP * review fixes * review fixes * Added new property translations * CI * CI * CI * Improved test * fixed test * CI * New UI component * WIP * Updated settings APIs * cached DB data * used cached reviewer data * Updated tests * Lint fixes * test: add tests for saveContentFlaggingSettings and getContentFlaggingSettings APIs * test fix * test: add tests for SaveContentFlaggingConfig and GetContentFlaggingConfigReviewerIDs * Updated tests * test: add content flagging test for local cache layer * test: add comprehensive tests for content flagging store cache * Updated tests * lint fix * Updated mobile text * Added content flagging SQL store mocks * Added API specs for new APIs * fixed tests * feat: add TestContentFlaggingStore function for content flagging store testing * feat: add comprehensive tests for content flagging store * Added SQL store tests * test: add content flagging test for local cache layer * test: add tests for content flagging store caching * Added cache layer tests * Updated tests * Fixed * Handled JSON error * fixes * fixes * Fixed retry layer test * fixerdf i18n * Fixed test * CI * building index concurrently * CI * fixed a test * CI * cleanup * Implemented reviewer search API * feat: add tests for SearchCommonContentFlaggingReviewers and SearchTeamContentFlaggingReviewers * Added store tests * test: add comprehensive tests for SearchReviewers function * feat: add comprehensive tests for searchReviewers endpoint * API tests * Integrate flag post api (#33798) * WIP * WIP * Added API call * test: add test for Client4.flagPost API call in FlagPostModal * fix: remove userEvent.setup() from flag post modal test * test: wrap submit button click in act for proper state updates * Updated tests * lint fix * CI * Updated to allow special characters in comments * Handled empty comment * Used finally * CI * Fixed test * Spillage card integration (#33832) * Created getContentFlaggingFields API * created getPostPropertyValues API * WIP * Created useContentFlaggingFields hook * WIP * WIP * Added option to retain data for reviewers * Displayed deleted post's preview * DIsplayed all properties * Adding field name i18n * WIP - managing i18n able texts * Finished displaying all fields * Manual cleanup * lint fixes * team role filter logic fix * Fixed tests * created new API to fetch flagged posts * lint fix * Added new client methods * test: add comprehensive tests for content flagging APIs * Added new API tests * fixed openapi spec * Fixed DataSpillageReport tests * Fixed PostMarkdown test * Fixed PostPreviewPropertyRenderer test * Added metadata to card renderer * test fixes * Added no comment placeholder * Fixed test * refactor: improve test mocking for data spillage report component * test mock updates * Updated reducer * not resetting mocks * WIP * review fixes * CI * Fixed * fixes * Content flagging actions implementation (#33852) * Added view detail button * Created RemoveFlaggedMessageConfirmationModal modal * Added key and remove flag request modal * IMplemented delete flagged post * Handled edge cases of deleting flagged post * keep message * UI integration * Added WS event for post report update and handled deleted files of flagged post * Added error handling in keep/remove forms * i18n fixes * Updated OpenAPI specs * fixed types * fixed types * refactoring * Fixed tests * review fixes * Added new property translations * Improved test * fixed test * CI * fixes * CI * fixed a test * fixed abad commit * CI * WIP * IMplemented assign reviewer API * Display reviewers * Review fixes * UI integration * lint fix * Added API docs * test: add comprehensive tests for assignFlaggedPostReviewer function * test: add comprehensive tests for AssignFlaggedPostReviewer * Added tests * Fixed test * Sequential tests * minor improvemenmts * WIP * Added keep/delete message notifications * refactor: update AssignFlaggedPostReviewer method signature to include context * test: add tests for getReviewerPostsForFlaggedPost and postReviewerMessage * lint fixes * handled reviewer updates * Handled preference * review fixes * Review fixes	2025-10-14 09:06:23 +05:30
Harshil Sharma	3265054ad5	Migrate content flagging settings to database (#33989) ... * lint fix * CI * added new migration mocks * Used setup for tests * some comment * Removed unnecesseery nil check * Form validation * WIP tests * WIP tests * WIP tests * fix: mock content flagging config selector with correct reasons format Co-authored-by: aider (anthropic/claude-sonnet-4-20250514) <aider@aider.chat> * fix: add mock for getContentFlaggingConfig in flag post modal test Co-authored-by: aider (anthropic/claude-sonnet-4-20250514) <aider@aider.chat> * Updated error code order in API docs * removed empty files * Added tests * lint fixes * minor tweak * lint fix * type fix * fixed test * nit * test enhancements * API WIP * API WIP * creating values * creating content flagging channel and properties * Able to save properties * Added another property field * WIP * WIP * Added validations * Added data validations and hidden post if confifgured to * lint fixes * Added API spec * Added some tests * Added tests for getContentReviewBot * test: add comprehensive tests for getContentReviewChannels function * Added more app layer tests * Added TestCanFlagPost * test: Add comprehensive tests for FlagPost function * Added all app layer tests * Removed a file that was reamoved downstream * test: add content flagging test file * test: add comprehensive tests for FlagContentRequest.IsValid method * Added model tests * test: add comprehensive tests for SqlPropertyValueStore.CreateMany * test: add comprehensive tests for flagPost() API function * Added API tests * linter fix * WIP * sent post flagging confirmation message * fixed i18n nissues * fixed i18n nissues * CI * WIP * WIP * Added API call * test: add test for Client4.flagPost API call in FlagPostModal * fix: remove userEvent.setup() from flag post modal test * test: wrap submit button click in act for proper state updates * Updated tests * lint fix * Updated test * fix: reset contentFlaggingGroupId for test isolation in content flagging tests * removed cached group ID * removed debug log * CI * Updated to allow special characters in comments * Handled empty comment * Created getContentFlaggingFields API * created getPostPropertyValues API * Used finally * WIP * Created useContentFlaggingFields hook * WIP * WIP * Added option to retain data for reviewers * Displayed deleted post's preview * DIsplayed all properties * Adding field name i18n * WIP - managing i18n able texts * Finished displaying all fields * Manual cleanup * lint fixes * team role filter logic fix * Fixed tests * created new API to fetch flagged posts * lint fix * Added new client methods * test: add comprehensive tests for content flagging APIs * Added new API tests * fixed openapi spec * Fixed DataSpillageReport tests * Fixed PostMarkdown test * Fixed PostPreviewPropertyRenderer test * Added metadata to card renderer * test fixes * Added no comment placeholder * Added view detail button * Created RemoveFlaggedMessageConfirmationModal modal * Added key and remove flag request modal * IMplemented delete flagged post * Handled edge cases of deleting flagged post * keep message * UI integration * Added WS event for post report update and handled deleted files of flagged post * Added error handling in keep/remove forms * i18n fixes * Fixed test * Updated OpenAPI specs * fixed types * fixed types * refactoring * refactor: improve test mocking for data spillage report component * test mock updates * Fixed tests * Updated reducer * not resetting mocks * Added migrations for content flagging tables * Created new structure * review fixes * Used correct ot name * WIP * review fixes * review fixes * Added new property translations * CI * CI * CI * Improved test * fixed test * CI * New UI component * WIP * Updated settings APIs * cached DB data * used cached reviewer data * Updated tests * Lint fixes * test: add tests for saveContentFlaggingSettings and getContentFlaggingSettings APIs * test fix * test: add tests for SaveContentFlaggingConfig and GetContentFlaggingConfigReviewerIDs * Updated tests * test: add content flagging test for local cache layer * test: add comprehensive tests for content flagging store cache * Updated tests * lint fix * Updated mobile text * Added content flagging SQL store mocks * Added API specs for new APIs * fixed tests * feat: add TestContentFlaggingStore function for content flagging store testing * feat: add comprehensive tests for content flagging store * Added SQL store tests * test: add content flagging test for local cache layer * test: add tests for content flagging store caching * Added cache layer tests * Updated tests * Fixed * Handled JSON error * fixes * fixes * Fixed retry layer test * fixerdf i18n * Fixed test * CI * building index concurrently * CI * fixed a test * CI * cleanup * Integrate flag post api (#33798) * WIP * WIP * Added API call * test: add test for Client4.flagPost API call in FlagPostModal * fix: remove userEvent.setup() from flag post modal test * test: wrap submit button click in act for proper state updates * Updated tests * lint fix * CI * Updated to allow special characters in comments * Handled empty comment * Used finally * CI * Fixed test * Spillage card integration (#33832) * Created getContentFlaggingFields API * created getPostPropertyValues API * WIP * Created useContentFlaggingFields hook * WIP * WIP * Added option to retain data for reviewers * Displayed deleted post's preview * DIsplayed all properties * Adding field name i18n * WIP - managing i18n able texts * Finished displaying all fields * Manual cleanup * lint fixes * team role filter logic fix * Fixed tests * created new API to fetch flagged posts * lint fix * Added new client methods * test: add comprehensive tests for content flagging APIs * Added new API tests * fixed openapi spec * Fixed DataSpillageReport tests * Fixed PostMarkdown test * Fixed PostPreviewPropertyRenderer test * Added metadata to card renderer * test fixes * Added no comment placeholder * Fixed test * refactor: improve test mocking for data spillage report component * test mock updates * Updated reducer * not resetting mocks * WIP * review fixes * CI * Fixed * fixes * Content flagging actions implementation (#33852) * Added view detail button * Created RemoveFlaggedMessageConfirmationModal modal * Added key and remove flag request modal * IMplemented delete flagged post * Handled edge cases of deleting flagged post * keep message * UI integration * Added WS event for post report update and handled deleted files of flagged post * Added error handling in keep/remove forms * i18n fixes * Updated OpenAPI specs * fixed types * fixed types * refactoring * Fixed tests * review fixes * Added new property translations * Improved test * fixed test * CI * fixes * CI * fixed a test * CI * Review fixes --------- Co-authored-by: aider (anthropic/claude-sonnet-4-20250514) <aider@aider.chat>	2025-10-13 12:24:01 +05:30
Guillermo Vayá	dfa0128552	[MM-65769] add updatedSince to field search (#34037) ... * add updatedSince to field search * Update server/public/model/property_field.go Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update server/channels/store/storetest/property_field_store.go Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>	2025-10-08 10:54:29 +00:00
Harshil Sharma	c21ef29f02	Flag post API (#33765) ... * Added enable/disable setting and feature flag * added rest of notifgication settings * Added backend for content flagging setting and populated notification values from server side defaults * WIP user selector * Added common reviewers UI * Added additonal reviewers section * WIP * WIP * Team table base * Added search in teams * Added search in teams * Added additional settings section * WIP * Inbtegrated reviewers settings * WIP * WIP * Added server side validation * cleanup * cleanup * [skip ci] * Some refactoring * type fixes * lint fix * test: add content flagging settings test file * test: add comprehensive unit tests for content flagging settings * enhanced tests * test: add test file for content flagging additional settings * test: add comprehensive unit tests for ContentFlaggingAdditionalSettingsSection * Added additoonal settings test * test: add empty test file for team reviewers section * test: add comprehensive unit tests for TeamReviewersSection component * test: update tests to handle async data fetching in team reviewers section * test: add empty test file for content reviewers component * feat: add comprehensive unit tests for ContentFlaggingContentReviewers component * Added ContentFlaggingContentReviewersContentFlaggingContentReviewers test * test: add notification settings test file for content flagging * test: add comprehensive unit tests for content flagging notification settings * Added ContentFlaggingNotificationSettingsSection tests * test: add user profile pill test file * test: add comprehensive unit tests for UserProfilePill component * refactor: Replace enzyme shallow with renderWithContext in user_profile_pill tests * Added UserProfilePill tests * test: add empty test file for content reviewers team option * test: add comprehensive unit tests for TeamOptionComponent * Added TeamOptionComponent tests * test: add empty test file for reason_option component * test: add comprehensive unit tests for ReasonOption component * Added ReasonOption tests * cleanup * Fixed i18n error * fixed e2e test lijnt issues * Updated test cases * Added snaoshot * Updated snaoshot * lint fix * WIP * lint fix * Added post flagging properties setup * review fixes * updated snapshot * CI * Added base APIs * Fetched team status data on load and team switch * WIP * Review fixes * wip * WIP * Removed an test, updated comment * CI * Added tests * Added tests * Lint fix * Added API specs * Fixed types * CI fixes * API tests * lint fixes * Set env variable so API routes are regiustered * Test update * term renaming and disabling API tests on MySQL * typo * Updated store type definition * Minor tweaks * Added tests * Removed error in app startup when content flaghging setup fails * Updated sync condition: * Flag message modal basE * added post preview * displaying options * Adde comment input * Updated tests and docs * finction rename * WIP * Updated tests * refactor * lint fix * MOved to data migration * lint fix * CI * added new migration mocks * Used setup for tests * some comment * Removed unnecesseery nil check * Form validation * WIP tests * WIP tests * WIP tests * fix: mock content flagging config selector with correct reasons format Co-authored-by: aider (anthropic/claude-sonnet-4-20250514) <aider@aider.chat> * fix: add mock for getContentFlaggingConfig in flag post modal test Co-authored-by: aider (anthropic/claude-sonnet-4-20250514) <aider@aider.chat> * Updated error code order in API docs * removed empty files * Added tests * lint fixes * minor tweak * lint fix * type fix * fixed test * nit * test enhancements * API WIP * API WIP * creating values * creating content flagging channel and properties * Able to save properties * Added another property field * WIP * WIP * Added validations * Added data validations and hidden post if confifgured to * lint fixes * Added API spec * Added some tests * Added tests for getContentReviewBot * test: add comprehensive tests for getContentReviewChannels function * Added more app layer tests * Added TestCanFlagPost * test: Add comprehensive tests for FlagPost function * Added all app layer tests * Removed a file that was reamoved downstream * test: add content flagging test file * test: add comprehensive tests for FlagContentRequest.IsValid method * Added model tests * test: add comprehensive tests for SqlPropertyValueStore.CreateMany * test: add comprehensive tests for flagPost() API function * Added API tests * linter fix * WIP * sent post flagging confirmation message * fixed i18n nissues * fixed i18n nissues * CI * Updated test * fix: reset contentFlaggingGroupId for test isolation in content flagging tests * removed cached group ID * removed debug log * review fixes * Used correct ot name * CI * Updated mobile text * Handled JSON error * fixerdf i18n * CI * Integrate flag post api (#33798) * WIP * WIP * Added API call * test: add test for Client4.flagPost API call in FlagPostModal * fix: remove userEvent.setup() from flag post modal test * test: wrap submit button click in act for proper state updates * Updated tests * lint fix * CI * Updated to allow special characters in comments * Handled empty comment * Used finally * CI * Fixed test * Spillage card integration (#33832) * Created getContentFlaggingFields API * created getPostPropertyValues API * WIP * Created useContentFlaggingFields hook * WIP * WIP * Added option to retain data for reviewers * Displayed deleted post's preview * DIsplayed all properties * Adding field name i18n * WIP - managing i18n able texts * Finished displaying all fields * Manual cleanup * lint fixes * team role filter logic fix * Fixed tests * created new API to fetch flagged posts * lint fix * Added new client methods * test: add comprehensive tests for content flagging APIs * Added new API tests * fixed openapi spec * Fixed DataSpillageReport tests * Fixed PostMarkdown test * Fixed PostPreviewPropertyRenderer test * Added metadata to card renderer * test fixes * Added no comment placeholder * Fixed test * refactor: improve test mocking for data spillage report component * test mock updates * Updated reducer * not resetting mocks * WIP * review fixes * CI * Fixed * fixes * Content flagging actions implementation (#33852) * Added view detail button * Created RemoveFlaggedMessageConfirmationModal modal * Added key and remove flag request modal * IMplemented delete flagged post * Handled edge cases of deleting flagged post * keep message * UI integration * Added WS event for post report update and handled deleted files of flagged post * Added error handling in keep/remove forms * i18n fixes * Updated OpenAPI specs * fixed types * fixed types * refactoring * Fixed tests * review fixes * Added new property translations * Improved test * fixed test * CI * fixes * CI * fixed a test * CI --------- Co-authored-by: aider (anthropic/claude-sonnet-4-20250514) <aider@aider.chat>	2025-10-02 20:24:29 +05:30
Alejandro García Montoro	6eacd7c534	Bump Postgres minimum supported version to 14 (#34010)	2025-10-01 09:49:05 +02:00
JG Heithcock	a41db04d27	MM 65084 server-side (#33861) ... * MM-65084: (server-side) PKCE code-exchange for SSO Server side changes needed for MM-65084. Guarded by MobileSSOCodeExchange feature flag. * Update users.yaml for vet-api testing * Change error for not saving SAML token to existing generic 'can't save token' message * Restricting to sha256 only PKCEs * Change out PKCE terminology to SAML This came out as Claude used "PKCE" as a shorthand for the style and I did not know better. SAML is the correct term here. This also fixes a linter issue where we were assigning `codeVerifier` to `computed` but then overwriting it in all cases (so that was misleading and unecessary) * Adding ConsumeTokenOnce and IsExpired as suggested by security review --------- Co-authored-by: Mattermost Build <build@mattermost.com>	2025-09-29 14:29:32 -07:00
Guillermo Vayá	9d16035212	[MM-65769] Add UpdatedSince to properties search in pluginapi (#33959) ... * add since to properties search * improve testing * fix tests * address naming concerns * adapt comments to new naming * style fixes * who you gonna call?	2025-09-26 13:14:29 +02:00
Pablo Vélez	de686b80bf	MM-65661 - channel admin abac override previous jobs (#33872) ... * MM-65661 - channel admin abac override previous jobs * more UX adjustments; always show the self-exclusion warning modal * use SubjectID parameter for more performant user lookup instead of fetching all matching users * improve validation of result based on PR feedback * performance optimization and DoS protection for access control sync jobs * refactor: rename context parameter from 'c' to 'rctx' in job-related functions for consistency * prevent duplicate save button clicks with immediate response and remove unnecessary debouncing time * remove dedicated endpoint and unify logic * improve filtering performance by including statuses * use a flag to use master directly to prevent db replication lags * adjust unit tests based on pr feedback --------- Co-authored-by: Mattermost Build <build@mattermost.com>	2025-09-26 12:33:31 +02:00
Ben Schumacher	d203ab7ee5	[MM-62582] Don't require email address verification for SAML/LDAP users when their email address changes (#30308) ... * Don't invalidate email adress of SAML/LDAP users * Add lazy migration to fix broken records	2025-09-23 09:39:19 +02:00
Ben Schumacher	18eb1347db	[MM-64900] Migrate to use request.CTX instead of context.Context (#33541) ... * Migrate GetRoleByName * Migrate users GetUsers * Migrate Post and Thread store * Migrate channel store * Fix TestConvertGroupMessageToChannel * Fix TestGetMemberCountsByGroup * Fix TestPostStoreLastPostTimeCache	2025-09-18 16:14:24 +02:00
Jesse Hallam	8d74c6c45c	MM-64395: Remove unused searchArchivedChannelsForTeam API and implementations (#33885) ... The searchArchivedChannelsForTeam functionality has been superseded by the searchAllChannels API with include_deleted parameter. The Browse Channels modal and other UI components now use the modern searchAllChannels approach. Fixes: https://mattermost.atlassian.net/browse/MM-64395	2025-09-16 09:51:37 -03:00
Pablo Vélez	f2f83187b8	MM-65618 - filter based on admin values (#33857) ... * MM-65618 - filter based on admin values * add open api documentation * adjust api description and adjust UX to match design * reorganize function and add unit tests * more UX adjustments; always show the self-exclusion warning modal * use SubjectID parameter for more performant user lookup instead of fetching all matching users * fix unit tests and remove wrong condition for job run --------- Co-authored-by: Mattermost Build <build@mattermost.com>	2025-09-12 20:09:47 +02:00
Julien Tant	78050bb0d3	Change properties search signature to support multiple TargetIDs (#33873) ... * change properties search * add tests * Fix calls to to the search methods * Fix SearchPropertyFields call with wrong signature	2025-09-11 22:56:01 +00:00
Guillermo Vayá	d15b933888	[MM-64683] Implement property field counting functionality in Plugin API (#33438) ... * Implement property field limit enforcement and counting functionality in Plugin API - Added a limit of 20 property fields per group in the CreatePropertyField method. - Introduced CountPropertyFields method to count active and all property fields, including deleted ones. - Enhanced tests to validate the new property field limit and counting behavior. - Updated related API and service methods to support the new functionality. * Update server/channels/app/properties/property_field.go Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * fix vet * fix lint error * fix test * fix tests * fix test * count properties + targets * Update server/channels/app/plugin_api.go Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * remove test for limit * fix more tests * improve testing messages now that the limit is removed * Apply suggestion from @calebroseland Co-authored-by: Caleb Roseland <caleb@calebroseland.com> * Apply suggestion from @calebroseland Co-authored-by: Caleb Roseland <caleb@calebroseland.com> * Apply suggestion from @calebroseland Co-authored-by: Caleb Roseland <caleb@calebroseland.com> * Apply suggestion from @calebroseland Co-authored-by: Caleb Roseland <caleb@calebroseland.com> --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Mattermost Build <build@mattermost.com> Co-authored-by: Julien Tant <785518+JulienTant@users.noreply.github.com> Co-authored-by: Caleb Roseland <caleb@calebroseland.com>	2025-09-11 12:49:14 -07:00
Ben Schumacher	d78d59babe	Standardize request.CTX parameter naming to rctx (#33499) ... * Standardize request.CTX parameter naming to rctx - Migrate 886 request.CTX parameters across 147 files to use consistent 'rctx' naming - Updated function signatures from 'c', 'ctx', and 'cancelContext' to 'rctx' - Updated function bodies to reference the new parameter names - Preserved underscore parameters unchanged as they are unused - Fixed method receiver context issue in store.go 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * Use request.CTX interface in batch worker * Manual fixes * Fix parameter naming * Add linter check --------- Co-authored-by: Claude <noreply@anthropic.com>	2025-09-10 15:11:32 +02:00
Pablo Vélez	4542ecc9d4	Mm 65096 - channel admin rules confirmation modal (#33758) ... * MM65096 - channel admin rules confirmation modal * trigger the sync job directly * update the active state correctly and adjust styling * Add ids to policy search so sync job finds the channel policy * combine the channel and the inherited policies expressions for confirm modal * add missing translations * fix tests and fix incorrect Id definition * fix translations * Revert "fix translations" * fix typo * remove plugin auto injected logging code --------- Co-authored-by: Mattermost Build <build@mattermost.com>	2025-09-09 16:41:07 +02:00
Alejandro García Montoro	553f99612e	MM-60441: Re-index public channels when a user joins a team (#33400) ... * Index all public channels when a user joins a team * Precompute team members for indexChannelsForTeam * Refactor RequestContextWithMaster to store package This way, we can import it from both the sqlstore and the searchlayer packages. The alternative for this is duplicating the code in those two packages, but that will *not* work: The context package expects custom types for the keys stored in it, so that different packages never clash with each other when trying to register a new key. See the docs for the WithValue function: https://pkg.go.dev/context#WithValue If we try to duplicate the storeContextKey type in both the sqlstore and searchlayer packages, although they *look* the same, they are not, and HasMaster will fail to get the value of the storeContextKey(useMaster) key if it's from the other package. * Use master in call to GetTeamMembersForChannel In GetTeamMembersForChannel, use the DB from the newly passed context, which will be the receiving context everywhere except in the call done from indexChannelsForTeam, to avoid the read after write issue when saving a team member. * Fix GetPublicChannelsForTeam paging We were using the page and perPage arguments as is in the call to GetPublicChannelsForTeam, but that function expects and offset and a limit as understood by SQL. Although perPage and limit are interchangeable, offset is not equal to page, but to page * perPage. * Add a synchronous bulk indexer for Opensearch * Implement Opensearch's SyncBulkIndexChannels * Add a synchronous bulk indexer for Elasticsearch * Implement Elasticsearch's SynkBulkIndexChannels * Test SyncBulkIndexChannels * make mocks * Bulk index channels on indexChannelsForTeam * Handle error from SyncBulkIndexChannels * Fix style * Revert indexChannelWithTeamMembers refactor * Remove defensive code on sync bulk processor * Revert "Add a synchronous bulk indexer for Opensearch" This reverts commit bfe4671d96. * Revert "Add a synchronous bulk indexer for Elasticsearch" This reverts commit 6643ae3f30. * Refactor bulk indexers with a common interface * Test all the different implementations Assisted by Claude * Remove debug statements * Refactor common code into _stop * Rename getUserIDsFor{,Private}Channel * Wrap error * Make perPage a const * Fix typos * Call GetTeamsForUser only if needed * Differentiate errors for sync/async processors --------- Co-authored-by: Ibrahim Serdar Acikgoz <serdaracikgoz86@gmail.com> Co-authored-by: Mattermost Build <build@mattermost.com>	2025-08-25 19:28:19 +02:00
Henrique Machado	f418e1398d	[GH-28202]: Added GetGroupsByNames API (#33558) ... * feat: Added GetGroupsByNames API This commit implements the endpoint discussed in issue #28202. This adds a new API endpoint to get multiple groups by a list of names. Previously, when the app received a post with @ mentions that it didn't recognize, it would attempt to fetch them all as users, then if some were still missing, it would go one by one attempting to fetch each as a group. Now we just fetch all the groups at once, just like we do for users. Also added unit tests for the new API and it's respective documentation. * Added server version to GetGroupsByNames documentation Co-authored-by: Harrison Healey <harrisonmhealey@gmail.com> * fix: updated status_profile_polling tests to use new endpoint * fix: fixed mock test Was using get for post request --------- Co-authored-by: Harrison Healey <harrisonmhealey@gmail.com>	2025-08-20 18:20:07 -04:00
Jesse Hallam	c8d6630141	MM-63240: Always allow viewing archived channels (#32162) ... * server: allow access to channel bookmarks in an archived channel * server: allow access to posts in archived channels * server: allow accessing channel members for archived channels * server: allow autocompleting/searching archived channels * server: allow access to files from archived channels * server: fix access issue on database error * server: allow access to archived channels * server: remove TeamSettings.ExperimentalViewArchivedChannels from telemetry * server: remove ExperimentalViewArchivedChannels from client config * webapp: simplify delete channel * webapp: simplify channel settings modal * webapp: do not redirect away from archived channel * webapp: rhs, always search posts from archived channels * webapp: switch channels, always support archived channels * webapp: search channel provider, always support archived channels * webapp: browse channels, always support archived channels * webapp, search results? fixup? * webapp, confusing type issue * webapp: unarchive, no need to report view archived * webapp: command test, no need for ExperimentalViewArchivedChannels in config * webapp: remove ExperimentalViewArchivedChannels from system console * webapp: redux, do not delete posts, also fix LEAVE_CHANNEL * update e2e tests * server: fail startup if ExperimentalViewArchivedChannels is not enabled * extract i18n * updated snapshots * update tests * simplify posts reducer * updated tests * additional e2e tests * Fix locale consistency in Jest tests Added consistent locale environment variables (LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8) to all Jest test scripts to prevent locale-dependent date formatting differences across development environments. This resolves snapshot test failures where DateTime.toLocaleString() would produce different date formats on different systems (e.g., "6/8/2025" vs "08/06/2025" vs "2025-06-08"). Updated test scripts: - test, test:watch, test:updatesnapshot, test:debug, test-ci Updated snapshot to consistent en_US format. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * Remove includeArchivedChannels parameter from GetMemberForPost * Remove unnecessary includeDeleted variable assignments * Deprecate ExperimentalViewArchivedChannels config field --------- Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: Mattermost Build <build@mattermost.com>	2025-08-15 13:50:20 -03:00
Agniva De Sarker	9dd8c056e7	MM-63368: Remove MySQL (#33458) ... https://mattermost.atlassian.net/browse/MM-63368 ```release-note Remove MySQL support from the codebase entirely. ```	2025-07-22 20:40:55 +05:30
Ibrahim Serdar Acikgoz	d182c4f81f	fix select type being ignored when it's null (#33399)	2025-07-18 15:50:56 +02:00
Ben Schumacher	9add320011	[MM-64654] Migrate to modern Go features (#31820)	2025-07-18 12:54:51 +02:00
Jesse Hallam	ebe03c1d45	Channel Store: No SELECT * (#32167) ... * Replace SELECT * with explicit column lists in channel store Migrates channel_store.go away from SELECT * patterns to explicit column lists for better performance, maintainability, and schema safety. - Replace GetPinnedPosts raw SQL with query builder using postSliceColumns() - Replace "cc.*" in group channel search with channelSliceColumns() - Replace GetChannelsBatchForIndexing raw SQL with query builder - Replace channel member and team queries with respective column helpers - Use SelectBuilder helper instead of manual ToSql() calls 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * Replace SELECT * with COUNT(*) in user_test.go Replaces unnecessary SELECT * queries with SELECT COUNT(*) in TestPermanentDeleteUser bot count verification. Only needs to check the count of bots, not retrieve full bot records. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Claude <noreply@anthropic.com>	2025-07-02 15:35:54 +00:00
Miguel de la Cruz	d9a083dc82	Use master to get remotes to avoid race conditions in cloud (#31221) ... Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es>	2025-06-26 12:52:02 +02:00
Christopher Poile	9b1e03a6b8	[MM-63557] mmctl: Add compliance export create cmd (#30594) ... * Refactor job retrieval to support multiple statuses & multiple types - Updated job retrieval functions to handle multiple job statuses. - Renamed `GetJobsByTypeAndStatus` to `GetJobsByTypesAndStatuses` for consistency across the codebase. - Adjusted related function signatures and implementations in the job store and retry layer to accommodate the new method. - Updated tests to reflect changes in job retrieval logic and ensure proper functionality. * Add compliance export create command and tests - Introduced `ComplianceExportCreateCmd` to facilitate the creation of compliance export jobs with options for date, start, and end timestamps. - Added unit tests for the new command, covering various scenarios including valid and invalid inputs. - Updated documentation to include usage examples and options for the new command. - Enhanced existing tests to ensure proper functionality of compliance export job handling. * update docs * update tests for new logic * Refactor message export job tests to use DefaultPreviousJobPageSize - Updated all test cases in worker_test.go to replace hardcoded page size of 100 with DefaultPreviousJobPageSize for consistency. - Adjusted the worker.go file to define DefaultPreviousJobPageSize and use it in job retrieval logic. - Ensured that the changes maintain the functionality of job data initialization and retrieval tests. * PR comments * PR comments, simplifications, clarifications, formatting * prefer hypen over underscore in command names * merge conflict * update mmctl docs	2025-06-24 21:38:30 +00:00
Jesse Hallam	968550d275	Fix undefined variable 'opts' in getSidebarCategoriesT function (#31815) ... The function was trying to use 'opts.TeamID' but 'opts' was not defined in the function scope. Changed it to use the 'teamId' parameter which is properly defined in the function signature. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-authored-by: Claude <noreply@anthropic.com>	2025-06-20 01:27:28 +00:00
Jesse Hallam	dcc72c4c61	MM-63728: simplify category store with graphql gone (#30848) ... * move category permissions to api In https://github.com/mattermost/mattermost/pull/21038, we changed the behaviour of the channel category store to filter out deleted teams and teams for which the user was not a member. This was necessary in part due to querying multiple teams via GraphQL. With GraphQL no longer supported, let's move the permissions to the API instead and remove the `JOIN` to filter out teams in the store. Note that we /don't/ prevent access to deleted teams. For better or worse, deleted teams remain largely accessible via other API endpoints anyway. * remove ExcludeTeam / GraphQL support As part of https://github.com/mattermost/mattermost/pull/20353, we added `ExcludeTeam` and the associated logic to support a GraphQL API. With GraphQL no longer supported, let's simplify this logic and remove the filtering and associated complexity. * Fix shadow variable declaration in channel_store_categories.go Fixed golangci-lint error by reusing existing err variable rather than shadowing it. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * fix build issue * Remove SidebarCategorySearchOpts and simplify API to use teamID string Per code review feedback, this change removes the SidebarCategorySearchOpts struct entirely since the Type field was never used in the store implementation. All methods now accept a simple teamID string parameter instead of the struct, which simplifies the API and makes the code clearer. Changes: - Remove SidebarCategorySearchOpts struct from store.go - Update CreateInitialSidebarCategories and GetSidebarCategories signatures - Update all implementations (sqlstore, retrylayer, timerlayer, mocks) - Update all callers to pass teamID string directly - Clean up unused imports 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Claude <noreply@anthropic.com>	2025-06-20 00:48:12 +00:00
Harrison Healey	a3f60f797b	MM-63725 Populate multiple sidebar categories at once whenever possible (#31064) ... * Remove redundant sidebar tests from TestChannelStore * MM-63725 Refactor to split out getOrphanedSidebarChannels * MM-63725 Populate multiple sidebar categories at once whenever possible * Fix shadowing	2025-06-19 10:09:36 -04:00
Ben Schumacher	04a60b6609	[MM-57693] Add schema dump to Support Packet (#31162) ... Co-authored-by: Claude <noreply@anthropic.com>	2025-06-19 11:33:55 +02:00
Daniel Espino García	fc14fa0e87	Fix getAllChannels api not returning DMs/GMs (#31362) ... Automatic Merge	2025-06-17 09:16:06 +03:00
Agniva De Sarker	761bc7549b	[AI assisted] MM-64298: Process setting status offline in batches (#31065) ... When a user disconnects from the hub, we would spawn off a goroutine which would make a cluster request, and then update the user status as offline in the DB. This was another case of unbounded concurrency where the number of goroutines spawned was user controlled. Therefore, we would see a clear spike in DB connections on master when a lot of users would suddenly disconnect. To fix this, we implement concurrency control in two areas: 1. In making the cluster request. We implement a counting semaphore per-hub to avoid making unbounded cluster requests. 2. We use a buffered channel with a periodic flusher to process status updates. We also add a new store method to upsert multiple statuses in a single query. The statusUpdateThreshold is set to 32, which means no more than 32 rows will be upserted at one time, keeping the SQL query load reasonable. https://mattermost.atlassian.net/browse/MM-64298 ```release-note We improve DB connection spikes on user disconnect by processing status updates in batches. ```	2025-06-17 09:20:34 +05:30