Make some adjustments to blocking behavior regarding the forums:
* Pre-existing bug: on a forum's home page (threads list), if a thread was
created by a blocked user, the thread still appeared with the user's name and
picture visible. Now: their picture and name will be "[unavailable]" but the
thread title/message and link to the thread will remain. Note: in the thread
view itself, posts by the blocked user will be missing as normal.
* Make some tweaks to allow forum moderators (and owners of user-owned forums)
able to see messages from blocked users on their forum:
* In threads: a blocked user's picture and name are "[unavailable]" but the
content of their message is still shown, and can be deleted by moderators.
Misc fixes:
* Private photos: when viewing your granted/grantee lists, hide users whose
accounts are inactive or who are blocked.
* CertifiedSince: in case a user was manually certified but their cert photo
status is not correct, return their user CreatedAt time instead.
Add minimum quotas for users to earn the ability to create custom forums.
The entry requirements that could earn the first forum include:
1. Having a Certified account status for at least 45 days.
2. Having written 10 posts or replies in the forums.
Additional quota is granted in increasing difficulty based on the count of
forum posts created.
Other changes:
* Admin view of Manage Forums can filter for official/community.
* "Certified Since" now shown on profile pages.
* Update FAQ page for Forums feature.
* Add an Admin Certification Photo workflow where we can request the user to
upload a secondary form of ID (government issued photo ID showing their
face and date of birth).
* An admin rejection option can request secondary photo ID.
* It sends a distinct e-mail to the user apart from the regular rejection email
* It flags their cert photo as "Secondary Needed" forever: even if the user
removes their cert photo and starts from scratch, it will immediately request
secondary ID when uploading a new primary photo.
* Secondary photos are deleted from the server on both Approve and Reject by
the admin account, for user privacy.
* If approved, a Secondary Approved=true boolean is stored in the database. This
boolean is set to False if the user deletes their cert photo in the future.
* Add impersonate feature
* Add ban/unban user feature
* Add promote/demote admin status feature
* Add admin user deletion feature
* Admin ability to see other status certification pics
* Nav bar indicator of pending admin actions such as cert pics
needing approval
* Admin ability to search cert pics for specific user
* Add "forgot password" workflow.
* Add ability to change user email address (confirmation link sent)
* Add ability to change user's password.
* Add rate limiter to deter brute force login attempts.
* Add user deep delete functionality (delete account).
* Ping user LastLoginAt every 8 hours for long-lived session cookies.
* Add age filters to user search page.
* Add sort options to user search (last login, created, username/name)
* Add "Site Gallery" page showing all public+gallery member photos.
* Add "Certification Required" decorator for gallery and other main pages.
* Add the Certification Photo workflow:
* Users have a checklist on their dashboard to upload a profile pic
and post a certification selfie (two requirements)
* Admins notified by email when a new certification pic comes in.
* Admin can reject (w/ comment) or approve the pic.
* Users can re-upload or delete their pic at the cost of losing
certification status if they make any such changes.
* Users are emailed when their photo is either approved or rejected.
* User Preferences: can now save the explicit pref to your account.
* Explicit photos on user pages and site gallery are hidden if the
current user hasn't opted-in (user can always see their own explicit
photos regardless of the setting)
* If a user is viewing a member gallery and explicit pics are hidden, a
count of the number of explicit pics is shown to inform the user that
more DO exist, they just don't see them. The site gallery does not do
this and simply hides explicit photos.