FAQ update and notifications fix
This commit is contained in:
parent
19006877a2
commit
eed971d997
|
@ -96,25 +96,28 @@ func Likes() http.HandlerFunc {
|
||||||
case "photos":
|
case "photos":
|
||||||
if photo, err := models.GetPhoto(tableID); err == nil {
|
if photo, err := models.GetPhoto(tableID); err == nil {
|
||||||
if user, err := models.GetUser(photo.UserID); err == nil {
|
if user, err := models.GetUser(photo.UserID); err == nil {
|
||||||
// Admin safety check: in case the admin clicked 'Like' on a friends-only or private
|
// Safety check: if the current user should not see this picture, they can not "Like" it.
|
||||||
// picture they shouldn't have been expected to see, do not log a like.
|
// Example: you unfriended them but they still had the image on their old browser page.
|
||||||
if currentUser.IsAdmin && currentUser.ID != user.ID {
|
var unallowed bool
|
||||||
|
if currentUser.ID != user.ID {
|
||||||
if (photo.Visibility == models.PhotoFriends && !models.AreFriends(user.ID, currentUser.ID)) ||
|
if (photo.Visibility == models.PhotoFriends && !models.AreFriends(user.ID, currentUser.ID)) ||
|
||||||
(photo.Visibility == models.PhotoPrivate && !models.IsPrivateUnlocked(user.ID, currentUser.ID)) {
|
(photo.Visibility == models.PhotoPrivate && !models.IsPrivateUnlocked(user.ID, currentUser.ID)) {
|
||||||
SendJSON(w, http.StatusForbidden, Response{
|
unallowed = true
|
||||||
Error: "You are not allowed to like that photo.",
|
|
||||||
})
|
|
||||||
return
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Blocking safety check: if either user blocks the other, liking is not allowed.
|
// Blocking safety check: if either user blocks the other, liking is not allowed.
|
||||||
if models.IsBlocking(currentUser.ID, user.ID) {
|
if models.IsBlocking(currentUser.ID, user.ID) {
|
||||||
|
unallowed = true
|
||||||
|
}
|
||||||
|
|
||||||
|
if unallowed {
|
||||||
SendJSON(w, http.StatusForbidden, Response{
|
SendJSON(w, http.StatusForbidden, Response{
|
||||||
Error: "You are not allowed to like that photo.",
|
Error: "You are not allowed to like that photo.",
|
||||||
})
|
})
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
targetUser = user
|
targetUser = user
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
|
|
@ -60,6 +60,11 @@ func AddFriend() http.HandlerFunc {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Revoke any friends-only photo notifications they had received before.
|
||||||
|
if err := models.RevokeFriendPhotoNotifications(currentUser, user.ID); err != nil {
|
||||||
|
log.Error("Couldn't revoke friend photo notifications from %s to %s: %s", currentUser.Username, user.Username, err)
|
||||||
|
}
|
||||||
|
|
||||||
var message string
|
var message string
|
||||||
if verdict == "reject" {
|
if verdict == "reject" {
|
||||||
message = fmt.Sprintf("Friend request from %s has been rejected.", username)
|
message = fmt.Sprintf("Friend request from %s has been rejected.", username)
|
||||||
|
|
|
@ -446,6 +446,25 @@ func RemoveFriend(sourceUserID, targetUserID uint64) error {
|
||||||
return result.Error
|
return result.Error
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// RevokeFriendPhotoNotifications removes notifications about newly uploaded friends photos
|
||||||
|
// that were sent to your former friends, when you remove their friendship.
|
||||||
|
//
|
||||||
|
// For example: if I unfriend you, all your past notifications that showed my friends-only photos should
|
||||||
|
// be revoked so that you can't see them anymore.
|
||||||
|
func RevokeFriendPhotoNotifications(currentUser *User, fromUserID uint64) error {
|
||||||
|
// Gather the IDs of all our private photos to nuke notifications for.
|
||||||
|
photoIDs, err := currentUser.AllFriendsOnlyPhotoIDs()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
} else if len(photoIDs) == 0 {
|
||||||
|
// Nothing to do.
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
log.Info("RevokeFriendPhotoNotifications(%s): forget about friend photo uploads for user %d on photo IDs: %v", currentUser.Username, fromUserID, photoIDs)
|
||||||
|
return RemoveSpecificNotificationBulk(fromUserID, NotificationNewPhoto, "photos", photoIDs)
|
||||||
|
}
|
||||||
|
|
||||||
// Save photo.
|
// Save photo.
|
||||||
func (f *Friend) Save() error {
|
func (f *Friend) Save() error {
|
||||||
result := DB.Save(f)
|
result := DB.Save(f)
|
||||||
|
|
|
@ -100,6 +100,25 @@ func (u *User) AllPrivatePhotoIDs() ([]uint64, error) {
|
||||||
return photoIDs, nil
|
return photoIDs, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// AllFriendsOnlyPhotoIDs returns the listing of all IDs of the user's private photos.
|
||||||
|
func (u *User) AllFriendsOnlyPhotoIDs() ([]uint64, error) {
|
||||||
|
var photoIDs = []uint64{}
|
||||||
|
err := DB.Table(
|
||||||
|
"photos",
|
||||||
|
).Select(
|
||||||
|
"photos.id AS id",
|
||||||
|
).Where(
|
||||||
|
"user_id = ? AND visibility = ?",
|
||||||
|
u.ID, PhotoFriends,
|
||||||
|
).Scan(&photoIDs)
|
||||||
|
|
||||||
|
if err.Error != nil {
|
||||||
|
return photoIDs, fmt.Errorf("AllFriendsOnlyPhotoIDs(%s): %s", u.Username, err.Error)
|
||||||
|
}
|
||||||
|
|
||||||
|
return photoIDs, nil
|
||||||
|
}
|
||||||
|
|
||||||
// AllPhotoIDs returns the listing of all IDs of the user's photos.
|
// AllPhotoIDs returns the listing of all IDs of the user's photos.
|
||||||
func (u *User) AllPhotoIDs() ([]uint64, error) {
|
func (u *User) AllPhotoIDs() ([]uint64, error) {
|
||||||
if u.cachePhotoIDs != nil {
|
if u.cachePhotoIDs != nil {
|
||||||
|
|
|
@ -52,7 +52,7 @@
|
||||||
<li><a href="#other-people">Can I include other people in my photos?</a></li>
|
<li><a href="#other-people">Can I include other people in my photos?</a></li>
|
||||||
<li><a href="#define-explicit">What is considered "explicit" in photos?</a></li>
|
<li><a href="#define-explicit">What is considered "explicit" in photos?</a></li>
|
||||||
<li><a href="#photoshop">Are digitally altered or 'photoshopped' pictures okay?</a></li>
|
<li><a href="#photoshop">Are digitally altered or 'photoshopped' pictures okay?</a></li>
|
||||||
<li><a href="#downloading">Does this site <strong>prevent people from downloading</strong> my pictures?</a></li>
|
<li><a href="#downloading">Does this site <strong>prevent people from downloading</strong> my pictures?</a> <span class="tag is-success">UPDATED Jan 10 2024</span></li>
|
||||||
</ul>
|
</ul>
|
||||||
</li>
|
</li>
|
||||||
<li>
|
<li>
|
||||||
|
@ -706,29 +706,38 @@
|
||||||
<h3 id="downloading">Does this site prevent people from downloading my pictures?</h3>
|
<h3 id="downloading">Does this site prevent people from downloading my pictures?</h3>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
This website does not go out of its way to prevent people from downloading pictures, and
|
<span class="tag is-success">Updated Jan 10 2024</span>
|
||||||
nor will it pretend to. This is actually a very difficult problem to solve in the year {{.YYYY}}.
|
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
I <em>could</em> add some JavaScripts that prevent right-clicking on my pages so you can't
|
As of November 2023, the {{PrettyTitle}} website does discourage the downloading of pictures
|
||||||
just "Save image as," but this would only deter desktop (mouse & keyboard) users and is easy
|
to the limited extent that a web page is able to. We have a right-click handler (long press
|
||||||
to work around. I <em>could</em> place a transparent image over top of all your pictures like
|
on mobile) where if you right-click on a photo anywhere on the site, you are shown a pop-up
|
||||||
Instagram does and if you try and save it, you just get a one-pixel transparent GIF; but this
|
message to "please respect our members' privacy" and a reminder that it is against the rules
|
||||||
is trivially defeated by any novice web designer by just right-clicking, "Inspect element" and
|
to download and share images from this site elsewhere. We also have a script that inteferes with
|
||||||
deleting it from the web page to get at the photo it was protecting.
|
dragging an image off of the page and into your URL bar or another application which helps to
|
||||||
|
protect pictures from being easily saved.
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
And people can always just screenshot the whole web page - and a web page can't do anything
|
You can see this in action by attempting to right-click, long press, or drag the image below:
|
||||||
at all to prevent that. With mobile phones this is an especially easy and common thing to
|
|
||||||
do. Any mild measures this site could take to deter downloading would only provide a false
|
|
||||||
sense of security, which is worse than having no security.
|
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
There are risks inherent with putting a picture on the Internet. This website does provide
|
<img src="/static/img/shy.png" width="48" height="48">
|
||||||
some controls you can utilize as to <em>who</em> will see the pictures you upload:
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
However, a motivated individual can <strong>always</strong> circumvent these kind of restrictions
|
||||||
|
and download a picture if they really want to. There is no technical measure that a website can
|
||||||
|
take to prevent this entirely: because at the end of the day, they can always just screenshot the whole
|
||||||
|
entire web page which is especially trivial and common to do from mobile devices.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
There are risks inherent with putting a picture on the Internet. This website <em>does</em> provide
|
||||||
|
some controls you can utilize to limit who is allowed to see your picture in the first place, to
|
||||||
|
those who you think you can trust not to download your picture:
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<ul>
|
<ul>
|
||||||
|
|
Loading…
Reference in New Issue
Block a user