Add a permission system for admin users so you can lock down specific admins to
a narrower set of features instead of them all having omnipotent powers.
* New page: Admin Dashboard -> Admin Permissions Management
* Permissions are handled in the form of 'scopes' relevant to each feature or
action on the site. Scopes are assigned to Groups, and in turn, admin user
accounts are placed in those Groups.
* The Superusers group (scope '*') has wildcard permission to all scopes. The
permissions dashboard has a create-once action to initialize the Superusers
for the first admin who clicks on it, and places that admin in the group.
The following are the exhaustive list of permission changes on the site:
* Moderator scopes:
* Chat room (enter the room with Operator permission)
* Forums (can edit or delete user posts on the forum)
* Photo Gallery (can see all private/friends-only photos on the site
gallery or user profile pages)
* Certification photos (with nuanced sub-action permissions)
* Approve: has access to the Pending tab to act on incoming pictures
* List: can paginate thru past approved/rejected photos
* View: can bring up specific user cert photo from their profile
* The minimum requirement is Approve or else no cert photo page
will load for your admin user.
* User Actions (each action individually scoped)
* Impersonate
* Ban
* Delete
* Promote to admin
* Inner circle whitelist: no longer are admins automatically part of the
inner circle unless they have a specialized scope attached.
The AdminRequired decorator may also apply scopes on an entire admin route.
The following routes have scopes to limit them:
* Forum Admin (manage forums and their settings)
* Remove from inner circle
* Add the PollVotes table and associated logic.
* Multiple choice polls supported.
* Expiring and non-expiring polls.
* Icons and badges on the forum pages to show posts with polls
* Bugfix: non-explicit users getting SQL errors on Newest Posts page.
* Add support to upload a picture to forum posts and replies, in forums that
have the PermitPhotos setting enabled.
* New DB table: CommentPhoto holds the association between a photo and a
forum ID. Photos can be uploaded at preview time (before a CommentID is
available) and get associated to the CommentID on save.
* Cron endpoint /v1/comment-photos/remove-orphaned can clean up orphaned
photos without a CommentID older than 24 hours.
* Add "Photo Boards" as a default forum category for new boards.
* Add ability to unlock your private photos for others.
* Link to unlock is on another user's Photos page.
* You can also access your "Manage Private Photos" page in the User Menu
or Dashboard and add a user by username.
* See who you have granted access, and see users who have granted you
access to their private photos.
* Private photos of users who unlocked them for you may appear on the Site
Gallery if the photo allows.
* Add new filters to the Site Gallery: you can choose to filter by Explicit,
limit to a specific Visibility, and order by Newest or Oldest. Non-explicit
users do not get a filter to see explicit content - they must opt-in in
their settings.
* Bugfix: Site Gallery was not correctly filtering Explicit photos away from
users who did not opt-in for explicit!
* Add a "Newest" tab to the Forums landing page to order ALL forum posts
(comments) by most recent, paginated.
* Add a "Views" cooldown in Redis: viewing the same post multiple times
within 1 hour doesn't ++ the view count with every page load, per user
per thread ID.
* Update the paginators to handle unlimited numbers of pages: shows max
7 page buttons with your current page towards the middle.
* General ability to jump to the "last page" of anything: use a negative
page size like ?page=-1 and it acts like the last page.
* Add ability to (un)subscribe from comment threads on Forums and Photos.
* Creating a forum post, replying to a post or adding a comment to a photo
automatically subscribes you to be notified when somebody else adds a
comment to the thing later.
* At the top of each comment thread is a link to disable or re-enable your
subscription. You can join a subscription without even needing to comment.
If you click to disable notifications, they stay disabled even if you
add another comment later.
* Add permalink URL for photos to view their comment threads.
* Commenters can Edit or Delete their own comments.
* Photo owners can Delete any comment on it.
* Update Privacy Policy
Finish implementing the basic forum features:
* Pinned threads (admin or board owner only)
* Edit Thread settings when you edit the top-most comment.
* NoReply threads remove all the reply buttons.
* Explicit forums and threads are filtered out unless opted-in (admins
always see them).
* Count the unique members who participated in each forum.
* Get the most recently updated thread to show on forum list page.
* Contact/Report page: handle receiving a comment ID to report on.
Implement Likes & Notifications
* Like buttons added to Photos and Profile Pages. Implemented via simple
vanilla JS (likes.js) to make ajax requests to back-end to like/unlike.
* Notifications: for your photo or profile being liked. If you unlike,
the existing notifications about the like are revoked.
* The notifications appear as an alert number in the nav bar and are read
on the User Dashboard. Click to mark a notification as "read" or click
the "mark all as read" button.
Update DeleteUser to scrub likes, notifications, threads, and comments.
Adds initial code for basically functional forums:
* Forums landing page shows hard-coded list of Categories along with any
forums in the DB that use those categories.
* Admin: Create, Edit forums and view forums you own or have admin rights
to modify.
* Landing page forums list shows the title/description and dynamic count of
number of Topics and total number of Posts in each forum. TODO: distinct
count of Users who posted in each forum.
* Board Index page shows list of Threads (posts) with a Replies count and
Views count on each thread.
* Thread view is basically an array of Comments. Users can post, edit and
delete (their own) comments. Deleting the first comment removes the
entire Thread - the thread points to a first Comment to provide its body.
* Reply and Quote-Reply options working.
* Add the Contact page where users can contact the site admins for feedback or
to report a problematic user, photo or message.
* Reports go into the admin Feedback table.
* Admin nav bar indicates number of unread feedbacks.
* Add "Report" button to profile pages, photo cards, and the top of Direct
Message threads.
Misc changes:
* Send emails out asynchronously for more responsive page loads.
Implement block lists. They work like friend lists but are unidirectional,
but take effect in both directions (blocker and blockee can not see one
another on the site -- except admin users can always see all users).
* Profile page says 404
* User gallery says 404
* User search page filters out blocked users
* Compose endpoint blocks sending messages to blocked users (except admin)
* Site Gallery filters photos by blocked (and uncertified) users
* Inbox page hides chat list for blocked users (can still read the chat
history if you have a link to the old thread)
* Add impersonate feature
* Add ban/unban user feature
* Add promote/demote admin status feature
* Add admin user deletion feature
* Admin ability to see other status certification pics
* Nav bar indicator of pending admin actions such as cert pics
needing approval
* Admin ability to search cert pics for specific user
* Add "forgot password" workflow.
* Add ability to change user email address (confirmation link sent)
* Add ability to change user's password.
* Add rate limiter to deter brute force login attempts.
* Add user deep delete functionality (delete account).
* Ping user LastLoginAt every 8 hours for long-lived session cookies.
* Add age filters to user search page.
* Add sort options to user search (last login, created, username/name)
* Add "Site Gallery" page showing all public+gallery member photos.
* Add "Certification Required" decorator for gallery and other main pages.
* Add the Certification Photo workflow:
* Users have a checklist on their dashboard to upload a profile pic
and post a certification selfie (two requirements)
* Admins notified by email when a new certification pic comes in.
* Admin can reject (w/ comment) or approve the pic.
* Users can re-upload or delete their pic at the cost of losing
certification status if they make any such changes.
* Users are emailed when their photo is either approved or rejected.
* User Preferences: can now save the explicit pref to your account.
* Explicit photos on user pages and site gallery are hidden if the
current user hasn't opted-in (user can always see their own explicit
photos regardless of the setting)
* If a user is viewing a member gallery and explicit pics are hidden, a
count of the number of explicit pics is shown to inform the user that
more DO exist, they just don't see them. The site gallery does not do
this and simply hides explicit photos.
* Add the user photo gallery for profile pages. Paginated, grid or full (blog
style) view options. In grid view clicking a photo opens a large modal to
see it; full view already shows large photos.
* Edit page: can also re-crop and set an existing pic to be your profile pic.
* Delete page: remove photos from the DB and hard drive.
* Photos are cleaned up from disk when not needed, e.g. during a re-crop the
old cropped photo is removed before the new one replaces it.
* Fixed bug with cropping pictures.