Assorted improvements & fixes

app/assets/javascripts/qpixel_api.js

@@ -131,7 +131,10 @@ window.QPixel = {
     }
 
     const myselfPromise = QPixel.fetch('/users/me', {
-      headers: { 'Accept': 'application/json' }
+      headers: {
+        'Accept': 'application/json',
+        'Cache-Control': 'no-cache',
+      }
     });
 
     QPixel._pendingUserResponse = myselfPromise;

app/assets/stylesheets/errors.scss

@@ -23,8 +23,9 @@
 .error-report-summary {
   display: flex;
   align-items: center;
+  gap: 0.15em;
 
   .details {
     flex: 1;
   }
-}
+}

app/controllers/comments_controller.rb

@@ -194,6 +194,8 @@ def thread
   end
 
   def thread_content
+    fresh_when last_modified: @comment_thread.last_activity_at.utc, etag: @comment_thread
+
     render partial: 'comment_threads/expanded', locals: { inline: params[:inline] == 'true',
                                                           show_deleted: params[:show_deleted_comments] == '1',
                                                           thread: @comment_thread }

app/controllers/users/sessions_controller.rb

@@ -1,12 +1,15 @@
 class Users::SessionsController < Devise::SessionsController
+  include Devise::Controllers::Rememberable
+
   protect_from_forgery except: [:create]
 
   mattr_accessor :first_factor, default: [], instance_writer: false, instance_reader: false
 
   # Any changes made here may also require changes to Users::SamlSessionsController#create.
   def create
     super do |user|
-      return unless post_sign_in(user)
+      remember_me = remember_me_is_active?(user)
+      return unless post_sign_in(user, remember_me)
     end
   end
 
@@ -29,10 +32,15 @@ def verify_code
                             'a backup code. Please re-configure two-factor authentication via your profile.'
         end
 
+        if params[:remember_me] == 'true'
+          remember_me(target_user)
+        end
+
         AuditLog.user_history(event_type: 'two_factor_success', related: target_user)
         @@first_factor.delete params[:uid].to_i
+
         flash[:info] = 'Signed in successfully.'
-        sign_in_and_redirect target_user
+        sign_in_and_redirect(target_user)
       else
         AuditLog.user_history(event_type: 'two_factor_fail', related: target_user, comment: 'first factor not present')
         flash[:danger] = "You haven't entered your password yet."
@@ -56,9 +64,10 @@ def verify_code
   #
   # In general, this method should have similar behavior to the Users::SamlSessionsController#post_sign_in method.
   # If you make changes here, you may also have to update that method.
-  # @param user [User]
+  # @param user [User] currently signed in user
+  # @param remember_me [Boolean] whether the user should be remembered after special conditions
   # @return [Boolean] false if the handling by the calling method should be stopped
-  def post_sign_in(user)
+  def post_sign_in(user, remember_me = false)
     # For a deleted user (banished), tell them non-specifically that there was a mistake with their credentials.
     if user.deleted?
       sign_out user
@@ -88,20 +97,20 @@ def post_sign_in(user)
 
     # Enforce 2FA
     if user.enabled_2fa
-      handle_2fa_login(user)
+      handle_2fa_login(user, remember_me)
       return false
     end
 
     true
   end
 
-  def handle_2fa_login(user)
+  def handle_2fa_login(user, remember_me = false)
     sign_out user
     case user.two_factor_method
     when 'app'
       id = user.id
       @@first_factor << id
-      redirect_to login_verify_2fa_path(uid: id)
+      redirect_to login_verify_2fa_path(uid: id, remember_me: remember_me)
     when 'email'
       TwoFactorMailer.with(user: user, host: request.hostname).login_email.deliver_now
       flash[:notice] = nil

app/helpers/abilities_helper.rb

@@ -1,5 +1,14 @@
 module AbilitiesHelper
-  ##
+  # Gets a maybe_ability to the specified ability
+  # @param ability [Ability, String] ability or its internal id to link to
+  # @return [ActiveSupport::SafeBuffer]
+  def ability_link(maybe_ability)
+    ability = maybe_ability.is_a?(String) ? Ability.find_by(internal_id: maybe_ability) : maybe_ability
+
+    link_to ability.name,
+            ability_url(ability.internal_id, host: ability.community.host)
+  end
+
   # Linearizes the Wilson-score progress used by ability calculations. For example, 0.98 and 0.99 are not far away on a
   # linear scale, but mean a change of about 2x for the actual limit used by the algorithm. This method takes that into
   # account and provides an indicator of progress on a linear scale, for use in progress bars.
@@ -10,7 +19,6 @@ def linearize_progress(score)
     [0, linear_score].max.to_f
   end
 
-  ##
   # Provides an error message for when a user is unable to complete an ability-restricted action, either because the
   # user doesn't have the ability or because it has been suspended.
   # @param internal_id [String] The +internal_id+ attribute of the ability in question.

app/models/comment_thread.rb

@@ -49,6 +49,12 @@ def can_access?(user)
       post.can_access?(user)
   end
 
+  # Gets last activity date and time on the thread
+  # @return [DateTime] last activity date and time
+  def last_activity_at
+    [created_at, locked_at, updated_at].compact.max
+  end
+
   # Gets a list of user IDs who should be pingable in the thread.
   # @return [Array<Integer>]
   def pingable

app/models/post.rb

@@ -246,6 +246,24 @@ def reaction_list
              .to_h { |_k, v| [v.first.reaction_type, v] }
   end
 
+  # Gets a list of related posts scoped for a given user
+  # @param user [User, nil] user to check access for
+  # @return [ActiveRecord::Relation<Post>]
+  def related_posts_for(user)
+    if user&.can_see_deleted_posts?
+      inbound_duplicates
+    else
+      inbound_duplicates.undeleted
+    end
+  end
+
+  # Checks if the post has related posts (scoped for a given user)
+  # @param user [User, nil] user to check access for
+  # @return [Boolean] check result
+  def related_posts_for?(user)
+    related_posts_for(user).any?
+  end
+
   # Are new threads on this post followed by a given user?
   # @param post [Post] post to check
   # @param user [User] user to check

app/views/admin/_error_report.html.erb

@@ -4,7 +4,7 @@
       <strong><%= report.klass %></strong><br/>
       <span class="has-font-size-caption has-color-tertiary-600"><%= t('g.at') %> <%= report.request_uri %></span>
     </span>
-    <span class="has-float-right has-color-tertiary-600">
+    <span class="has-padding-right-2 has-float-right has-color-tertiary-600">
       <%= report.created_at.iso8601 %>
     </span>
   </summary>
@@ -26,5 +26,8 @@
     <span class="raw-markdown"><%= report.uuid %></span>
   </p>
 
-  <pre class="error-trace raw-markdown"><%= report.backtrace.split("\n").select { |l| l.include? Rails.root.to_s }.join("\n") %></pre>
-</details>
+  <% backtrace_lines = report.backtrace.split("\n").select { |l| l.include? Rails.root.to_s } %>
+  <% if backtrace_lines.any? %>
+    <pre class="error-trace raw-markdown"><%= backtrace_lines.join("\n") %></pre>
+  <% end %>
+</details>

app/views/layouts/_sidebar.html.erb

@@ -49,9 +49,9 @@
     <% end %>
 
     <%# Related Posts widget %>
-    <% if defined?(@post) && @post.inbound_duplicates.any? %>
+    <% if defined?(@post) && @post.related_posts_for?(current_user) %>
       <% collapse_related = user_preference('collapse_related_posts') == 'true' %>
-      <% cache [@post, @post.inbound_duplicates] do %>
+      <% cache [@post, @post.related_posts_for(current_user)] do %>
         <div class="widget has-margin-4 is-green" data-collapsed="<%= user_preference('collapse_related_posts') %>">
           <div class="widget--header">
             Related Posts
@@ -60,7 +60,7 @@
               <i class="fas <%= collapse_related ? 'fa-chevron-down' : 'fa-chevron-up' %>"></i>
             </button>
           </div>
-          <% @post.inbound_duplicates.each do |dp| %>
+          <% @post.related_posts_for(current_user).each do |dp| %>
             <div class="widget--body <%= 'hidden' if collapse_related %>">
               <% unless dp.category.nil? %>
                 <%= dp.category.name %>