* Add a user privacy setting so they can gate who is allowed to share private
photos with them (for people who dislike unsolicited shares):
  * Anybody (default)
  * Friends only
  * Friends + people whom they have sent a DM to (on the main website)
  * Nobody
* Add gating around whether to display the prompt to unlock your private photos
while you are viewing somebody's gallery:
  * The current user needs at least one private photo to share.
  * The target user's new privacy preference is taken into consideration.
* The "should show private photo share prompt" logic is also used on the actual
share page, e.g. for people who manually paste in a username to share with.
You can not grant access to private photos which don't exist.
* Improve the UI on the private photo shares page.
  * Profile cards to add elements from the Member Directory page, such as a
    Friends and Liked indicator.
  * A count of the user's Private photos is shown, which links directly to
    their private gallery.
* Add "Decline" buttons to the Shared With Me page: so the target of a private
photo share is able to remove/cancel shares with them.
* Add an AboutUserID field to feedbacks, so when the report is about a
picture that is later deleted, the feedback can still link to the
original owner's account instead of showing an error.
* Add filters to the User Notes page so the admin can see:
  * All feedback From or About the user or their content (default)
  * Feedback created by the user
  * Feedback about the user or their content
  * Fuzzy search for any feedback containing the user's name.
* On chat room reports: make the @channel ID a clickable user profile
link for convenience.
* With the new JWT signatures on photo URLs, it was no longer possible for
creative users to embed their gallery photos on their profile page.
* Add a function to ReSignPhotoLinks that finds/replaces (on the server side)
all references to paths under "/static/photos/" and gives them a fresh
?jwt= query string signature.
* Note: only applies to the profile page essays, ReSignPhotoLinks is a
template func that must be opted-in on a per page basis.
Other miscellaneous fixes
* Add "Edit" buttons in the corners of profile cards, when the current user
looks at their profile page. They link to URIs like
"/settings#profile/about_me" which will now:
  1. Select the "Profile settings" tab like #profile
  2. Scroll and focus the profile essay field that the user clicked to edit.
Certification Required page:
* Show helpful advice if the reason for the page is only that the user had
deleted their default profile pic, but their account was certified.
Batch Photo Delete & Visibility:
* On user galleries, owners and admins can batch Delete or Set Visibility on
many photos at once. Checkboxes appear in the edit/delete row of each photo,
and bulk actions appear at the bottom of the page along with select/unselect
all boxes.
* Deprecated the old /photo/delete endpoint: it now redirects to the batch
delete page with the one photo ID.
Misc Changes:
* Notifications now sort unread to the top always.
* The photo signing JWT tokens carry more fields to validate against:
  * The username the token is assigned to (or '@' for anyone)
  * An 'anyone' boolean for widely public images, such as for the chat room
    and public profile pages.
  * A short filename hash of the image in question (whether a Photo or a
    CommentPhoto) - so that the user can't borrow a JWT token from the chat
    room and reveal a different picture.
* Refactored where the VisibleAvatarURL function lives, to avoid a cyclic
dependency error.
  * Originally: (*models.User).VisibleAvatarURL(other *models.User)
  * Now: (pkg/photo).VisibleAvatarURL(user, currentUser *models.User)
* Add support for authenticated static photo URLs, leveraging the NGINX module
ngx_http_auth_request. The README is updated with an example NGINX config
how to set this up on the proxy side.
* In settings.json a new SignedPhoto section is added: not enabled by default.
* PhotoURL will append a ?jwt= token to the /static/photos/ path for the
current user, which expires after 30 seconds.
* When SignedPhoto is enabled, it will enforce that the JWT token is valid and
matches the username of the current logged-in user, or else will return with
a 403 Forbidden error.
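
The signed photo URL scheme from the entries above (claims carrying the username, an 'anyone' flag and a short filename hash, a 30-second expiry, rejection on any mismatch), as an added example that is not the project's own code. It uses only the Go standard library; SignPhotoURL, VerifyPhoto, the JSON claim keys, the keyed filename hash and the demo key are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding
// Claims holds the fields the changelog lists; JSON keys and hash construction are assumptions.
type Claims struct {
	Username string `json:"sub"`    // user the token was issued to, or "@" for anyone
	Anyone   bool   `json:"anyone"` // widely public image (chat room, public profile)
	FileHash string `json:"f"`      // short keyed hash of the photo filename
	Expires  int64  `json:"exp"`    // Unix seconds
}

func mac(key []byte, msg string) string { // base64url HMAC-SHA256 of msg
	h := hmac.New(sha256.New, key)
	h.Write([]byte(msg))
	return b64.EncodeToString(h.Sum(nil))
}

// SignPhotoURL appends a ?jwt= token that is valid for 30 seconds.
func SignPhotoURL(key []byte, file, user string, anyone bool, now time.Time) string {
	body, _ := json.Marshal(Claims{user, anyone, mac(key, file)[:8], now.Add(30 * time.Second).Unix()})
	msg := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64.EncodeToString(body)
	return "/static/photos/" + file + "?jwt=" + msg + "." + mac(key, msg)
}

// VerifyPhoto reports whether token unlocks file for user; the caller answers 403 on false.
func VerifyPhoto(key []byte, file, token, user string, now time.Time) bool {
	p := strings.Split(token, ".")
	if len(p) != 3 || !hmac.Equal([]byte(p[2]), []byte(mac(key, p[0]+"."+p[1]))) {
		return false // malformed or forged; the header's alg is never consulted
	}
	var c Claims
	body, _ := b64.DecodeString(p[1])
	return json.Unmarshal(body, &c) == nil && now.Unix() < c.Expires && // intact and unexpired
		c.FileHash == mac(key, file)[:8] && // not borrowed from another picture
		(c.Anyone || c.Username == user) // issued to this user, or to anyone
}

func main() {
	fmt.Println(SignPhotoURL([]byte("constructed-demo-key"), "abc123.jpg", "alice", false, time.Now()))
}
```
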
* Add 'admin labels' to photos so an admin can classify a photo as:
  * Not Explicit: e.g. it was flagged by the community but does not
    actually need to be explicit. This option will hide the prompt to
    report the explicit photo again.
  * Force Explicit: if a user is fighting an explicit flag and keeps
    removing it from their photo, the photo can be force marked
    explicit.
* Admin labels appear on the Permalink page and in the edit photo
settings when viewed as a photo moderator admin.
When a user marks that another photo should have been marked as explicit:
* The owner of that photo gets a notification about it, which reminds them of
the explicit photo policy.
* The photo's "Flagged" boolean is set (along with the Explicit boolean)
* The 'Edit' page on a Flagged photo shows a red banner above the Explicit
option, explaining that it was flagged. The checkbox text is crossed-out,
with a "no" cursor and title text over - but can still be unchecked.
If the user removes the Explicit flag on a flagged photo and saves it:
* An admin report is generated to notify to take a look too.
* The Explicit flag is cleared as normal
* The Flagged boolean is also cleared on this photo: if they set it back to
Explicit again themselves, the red banner won't appear and it won't notify
again - unless a community member flagged it again!
Also makes some improvements to the admin page:
* On photo reports: show a blurred-out (clickable to reveal) photo on feedback
items about photos.
The photo stats were counting ALL public photos of certified members,
whether featured on the Site Gallery or not. Update the query to filter
for Site Gallery photos instead.
* Profile pictures on profile pages now link to the gallery when clicked.
* Admins can no longer automatically see the default profile pic on profile
pages unless they have photo moderator ability.
* Photo view counts are not added when an admin with photo moderator ability
should not have otherwise been able to see the photo.
* Demographics page:
  * Show percents with up to 1 decimal place of precision.
  * On tablets+ align the percent text to the right.
  * On photo counts, only include certified active user photos.
  * On gender/orientation demographics, pad the remaining "No answer" counts
    with the set of users who have no profile_fields set in the database yet.
* Admin certification page:
  * Add additional "common rejection reasons"
  * Add a confirm prompt when viewing the Rejected list to avoid accidental
    approval of previously rejected cert photos.
* Hitting the Like button on a photo will mark it as viewed.
* Move the 'Report' button on the message inbox page, to instead be in
the footer of each DM.
* Improve message reporting behavior to include the content of the
message in the admin report.
* The owner of a photo no longer counts any views on it.
* Add event handlers to mark animated GIFs viewed on the gallery page:
if the user mouse overs or pauses the video.
* Add chat moderation rules to the website, so admins can apply selective rules
to problematic users. Available rules are:
  * redcam: user's camera is always NSFW.
  * nobroadcast: user can not broadcast their camera.
  * novideo: user can not broadcast OR watch any video.
  * noimage: user can not share OR see any shared image on chat.
* The page to manage a user's active rules is available on their admin card of
their profile page. When the user has rules active, a yellow counter is shown
by the link to manage their rules.
* Only chat moderator admins have access to the page or can see the yellow
counter to know whether rules are active.
* "Shy Accounts" are now permitted on the chat room! With some moderation rules
automatically applied to them: novideo,noimage.
* Update the Shy Account FAQ and messaging on the chat landing page.
* Update the auto-kick from chat behavior regarding shy accounts:
  * They are kicked from chat only when an update to their profile settings will
    transition them FROM a non-shy into a shy account.
    * For example: when saving their profile settings (going private) or when
      editing or deleting a photo (if they will have no more public photos left)
If an admin needs to impersonate a regular user (to diagnose a support
issue or investigate a reported conversation thread), the web push
script is disabled so that the admin doesn't get subscribed to push
notifications for that user.
Adds two new features to collect and show useful analytics.
Usage Statistics:
* Begin tracking daily active users who log in and interact with major features
of the website each day, such as the chat room, forum and gallery.
Demographics page:
* For marketing, the home page now shows live statistics about the breakdown of
content (explicit vs. non-explicit) on the site, and the /insights page gives
a lot more data in detail.
* Show the percent split in photo gallery content and how many users opt-in or
share explicit content on the site.
* Show high-level demographics of the members (by age range, gender, orientation)
Misc cleanup:
* Rearrange model list in data export to match the auto-create statements.
* In data exports, include the forum_memberships, push_notifications and
usage_statistics tables.
Make some adjustments to blocking behavior regarding the forums:
* Pre-existing bug: on a forum's home page (threads list), if a thread was
created by a blocked user, the thread still appeared with the user's name and
picture visible. Now: their picture and name will be "[unavailable]" but the
thread title/message and link to the thread will remain. Note: in the thread
view itself, posts by the blocked user will be missing as normal.
* Make some tweaks to allow forum moderators (and owners of user-owned forums)
to be able to see messages from blocked users on their forum:
  * In threads: a blocked user's picture and name are "[unavailable]" but the
    content of their message is still shown, and can be deleted by moderators.
Misc fixes:
* Private photos: when viewing your granted/grantee lists, hide users whose
accounts are inactive or who are blocked.
* CertifiedSince: in case a user was manually certified but their cert photo
status is not correct, return their user CreatedAt time instead.
* The Explore tab can now sort forums by their:
  * Most recently updated thread
  * Topics, Posts or Users (counts)
* Show owner information in forum cards
* Passive pagination support for the "My List" on forum home page.
  * Only visible when there are >20 favorited Forums.
* The bottoms of threads have moderator buttons now, to easily Pin or
Unpin the thread (for Owners + Admins) or to Lock/Unlock the thread
(all moderators).
* Forums are disowned on user account deletion (their owner_id=0)
* A forum without an owner shows a notice at the bottom with a link to petition
to adopt the forum. It goes to the Contact form with a special subject.
* Note: there is no easy way to re-assign ownership yet other than a direct
database query.
* Code cleanup
* Alphabetize the DB.AutoMigrate tables.
* Delete more things on user deletion: forum_memberships, admin_group_users
* Vacuum worker to clean up orphaned polls after the threads are removed