* Add chat moderation rules to the website, so admins can apply selective rules
to problematic users. Available rules are:
* redcam: user's camera is always NSFW.
* nobroadcast: user can not broadcast their camera.
* novideo: user can not broadcast OR watch any video.
* noimage: user can not share OR see any shared image on chat.
* The page to manage a user's active rules is available on their admin card of
their profile page. When the user has rules active, a yellow counter is shown
by the link to manage their rules.
* Only chat moderator admins have access to the page or can see the yellow
counter to know whether rules are active.
* "Shy Accounts" are now permitted on the chat room! With some moderation rules
automatically applied to them: novideo,noimage.
* Update the Shy Account FAQ and messaging on the chat landing page.
* Update the auto-kick from chat behavior regarding shy accounts:
* They are kicked from chat only when an update to their profile settings will
transition then FROM a non-shy into a shy account.
* For example: when saving their profile settings (going private) or when
editing or deleting a photo (if they will have no more public photos left)
Adds two new features to collect and show useful analytics.
Usage Statistics:
* Begin tracking daily active users who log in and interact with major features
of the website each day, such as the chat room, forum and gallery.
Demographics page:
* For marketing, the home page now shows live statistics about the breakdown of
content (explicit vs. non-explicit) on the site, and the /insights page gives
a lot more data in detail.
* Show the percent split in photo gallery content and how many users opt-in or
share explicit content on the site.
* Show high-level demographics of the members (by age range, gender, orientation)
Misc cleanup:
* Rearrange model list in data export to match the auto-create statements.
* In data exports, include the forum_memberships, push_notifications and
usage_statistics tables.
* Inner circle: users have the ability to remove themselves and can avoid being
invited again in the future.
* Admin actions: add a "Reset Password" ability to user accounts.
* Admin "Create New User" page.
* Rate limit error handling improvements for the login page.
* Add an Admin Certification Photo workflow where we can request the user to
upload a secondary form of ID (government issued photo ID showing their
face and date of birth).
* An admin rejection option can request secondary photo ID.
* It sends a distinct e-mail to the user apart from the regular rejection email
* It flags their cert photo as "Secondary Needed" forever: even if the user
removes their cert photo and starts from scratch, it will immediately request
secondary ID when uploading a new primary photo.
* Secondary photos are deleted from the server on both Approve and Reject by
the admin account, for user privacy.
* If approved, a Secondary Approved=true boolean is stored in the database. This
boolean is set to False if the user deletes their cert photo in the future.
* Add an Alt Text field for users to describe their photos for accessibility.
* Alt texts appear on mouse over on Gallery pages, in the lightbox modal (on
mouse over or by clicking the ALT button that appears), and in a box on the
permalink page below the photo caption.
* Max length of Alt Text is 5,000 characters.
* Fix a bug with the right-click blocker not working on the lightbox modal.
Users whose accounts are no longer eligible to be in the chat room will be
disconnected immediately from chat when their account status changes.
The places in nonshy where these disconnects may happen include:
* When the user deactivates or deletes their account.
* When they modify their settings to mark their profile as 'private,' making
them become a Shy Account.
* When they edit or delete their photos in case they have moved their final
public photo to be private, making them become a Shy Account.
* When the user deletes their certification photo, or uploads a new cert photo
to be reviewed (in both cases, losing account certified status).
* When an admin user rejects their certification photo, even retroactively.
* On admin actions against a user, including: banning them, deleting their
user account.
Other changes made include:
* When signing up an account and e-mail sending is not enabled (e.g. local
dev environment), the SignupToken is still created and logged to the console
so you can continue the signup manually.
* On the new account DOB prompt, add a link to manually input their birthdate
as text similar to on the Age Gate page.
* Add a ChangeLog table to collect historic updates to various database tables.
* Created, Updated (with field diffs) and Deleted actions are logged, as well
as certification photo approves/denies.
* Specific items added to the change log:
* When a user photo is marked Explicit by an admin
* When users block/unblock each other
* When photo comments are posted, edited, and deleted
* When forums are created, edited, and deleted
* When forum comments are created, edited and deleted
* When a new forum thread is created
* When a user uploads or removes their own certification photo
* When an admin approves or rejects a certification photo
* When a user uploads, modifies or deletes their gallery photos
* When a friend request is sent
* When a friend request is accepted, ignored, or rejected
* When a friendship is removed
* On a user gallery page: if the current user can not see their default
profile pic (friends-only or private), include a notice and link to
the FAQ about this.
* Add a new placeholder avatar for profile pics that are set to
"Inner circle only" when viewed by members outside the circle.
* Add a way for users to temporarily deactivate their accounts, in a
recoverable way should they decide to return later.
* A deactivated account may log in but have limited options: to
reactivate their account, permanently delete it, or log out.
* Fix several bugs around the display of comments, messages and
forum threads for disabled, banned, or blocked users:
* Messages (inbox and sentbox) will be hidden and the unread indicator
will not count unread messages the user can't access.
* Comments on photos and forum posts are hidden, and top-level threads
on the "Newest" tab will show "[unavailable]" for their text and
username.
* Your historical notifications will hide users who are blocked, banned
or disabled.
* Add a "Friends" tab to user profile pages, to see other users' friends.
* The page is Certification Required so non-cert users can't easily
discover any members on the site.
The following bugs are resolved:
* A blocked user comments on a Photo that you have also commented on
(are subscribed to), and you would be notified about their comment.
* A blocked user comments on a Forum Thread that you are subscribed to,
and you would be notified about their post.
* Comments by blocked users (on photos and forum threads) were visible
to you after you have blocked them.
New feature: User Notes
* Add a "Notes" tab to user profile pages and galleries.
* Users can create one private note about another user.
* Admins can see all notes left about a user.
* Admins also see Feedback & Reports regarding the user on that page.
Bring back the online chatters list
* The Usernames are filtered down based on blocklist status.
* Signup: if entering an existing email, don't admit that the email
exists. Instead, send a specialized email to its address.
* Search: no longer search for users by email address.
* Login: always hash the incoming password on user not found, to take
constant time compared to when the user did exist.
* Fix a pagination bug when a private (shy account) views a non-friend's
photo gallery.
* On user profile pages and gallery: the total photo count for the user
will only include photos that the viewer can actually see (taking into
account friendship and private grants), so that users won't harass
each other to see the additional photos that aren't visible to them.
* On the member directory search: the photo counts will only show public
photos on their page for now, and may be fewer than the number of
photos the current user could actually see.
* Blocklist: you can now manually add a user by username to your block
list. So if somebody blocked you on the site and you want to block
them back, there is a way to do this.
* Friends: you can now directly unfriend someone from their profile
page by clicking on the "Friends" button. You get a confirmation
popup before the remove friend action goes through.
* Bugfix: when viewing a user's gallery, you were able to see their
Friends-only photos if they granted you their Private photo access,
even if you were not their friend.
* Bugfix: when uploading a new private photo, instead of notifying
everybody you granted access to your privates it will only notify
if they are also on your friend list.
Added the ability to delete or clear notifications.
* A "Clear all" button deletes them all (with confirmation)
* A "Remove" button on individual notifications (one confirmation per
page load, so you can remove several without too much tedium)
Fix some things regarding private photo notifications:
* When notifying your existing grants about a new upload, only users who
opt-in for Explicit are notified about Explicit private pictures.
* When revoking private grants, clean up the "has uploaded a new private
photo" notifications for all of your pics from their notification
feeds.
Add a permission system for admin users so you can lock down specific admins to
a narrower set of features instead of them all having omnipotent powers.
* New page: Admin Dashboard -> Admin Permissions Management
* Permissions are handled in the form of 'scopes' relevant to each feature or
action on the site. Scopes are assigned to Groups, and in turn, admin user
accounts are placed in those Groups.
* The Superusers group (scope '*') has wildcard permission to all scopes. The
permissions dashboard has a create-once action to initialize the Superusers
for the first admin who clicks on it, and places that admin in the group.
The following are the exhaustive list of permission changes on the site:
* Moderator scopes:
* Chat room (enter the room with Operator permission)
* Forums (can edit or delete user posts on the forum)
* Photo Gallery (can see all private/friends-only photos on the site
gallery or user profile pages)
* Certification photos (with nuanced sub-action permissions)
* Approve: has access to the Pending tab to act on incoming pictures
* List: can paginate thru past approved/rejected photos
* View: can bring up specific user cert photo from their profile
* The minimum requirement is Approve or else no cert photo page
will load for your admin user.
* User Actions (each action individually scoped)
* Impersonate
* Ban
* Delete
* Promote to admin
* Inner circle whitelist: no longer are admins automatically part of the
inner circle unless they have a specialized scope attached.
The AdminRequired decorator may also apply scopes on an entire admin route.
The following routes have scopes to limit them:
* Forum Admin (manage forums and their settings)
* Remove from inner circle