* On user profile pages and gallery: the total photo count for the user
will only include photos that the viewer can actually see (taking into
account friendship and private grants), so that users won't harass
each other to see the additional photos that aren't visible to them.
* On the member directory search: the photo counts will only show public
photos on their page for now, and may be fewer than the number of
photos the current user could actually see.
* Blocklist: you can now manually add a user by username to your block
list. So if somebody blocked you on the site and you want to block
them back, there is a way to do this.
* Friends: you can now directly unfriend someone from their profile
page by clicking on the "Friends" button. You get a confirmation
popup before the remove friend action goes through.
* Bugfix: when viewing a user's gallery, you were able to see their
Friends-only photos if they granted you their Private photo access,
even if you were not their friend.
* Bugfix: when uploading a new private photo, instead of notifying
everybody you granted access to your privates it will only notify
if they are also on your friend list.
Add a permission system for admin users so you can lock down specific admins to
a narrower set of features instead of them all having omnipotent powers.
* New page: Admin Dashboard -> Admin Permissions Management
* Permissions are handled in the form of 'scopes' relevant to each feature or
action on the site. Scopes are assigned to Groups, and in turn, admin user
accounts are placed in those Groups.
* The Superusers group (scope '*') has wildcard permission to all scopes. The
permissions dashboard has a create-once action to initialize the Superusers
for the first admin who clicks on it, and places that admin in the group.
The following are the exhaustive list of permission changes on the site:
* Moderator scopes:
* Chat room (enter the room with Operator permission)
* Forums (can edit or delete user posts on the forum)
* Photo Gallery (can see all private/friends-only photos on the site
gallery or user profile pages)
* Certification photos (with nuanced sub-action permissions)
* Approve: has access to the Pending tab to act on incoming pictures
* List: can paginate thru past approved/rejected photos
* View: can bring up specific user cert photo from their profile
* The minimum requirement is Approve or else no cert photo page
will load for your admin user.
* User Actions (each action individually scoped)
* Impersonate
* Ban
* Delete
* Promote to admin
* Inner circle whitelist: no longer are admins automatically part of the
inner circle unless they have a specialized scope attached.
The AdminRequired decorator may also apply scopes on an entire admin route.
The following routes have scopes to limit them:
* Forum Admin (manage forums and their settings)
* Remove from inner circle
* Users with private profiles or no public photo at all are considered
to be Shy Accounts and are isolated from the non-shy profiles.
* Restrictions include:
* Site Gallery shows only them + their friends' photos.
* User Galleries: must be a friend or had private photos granted to
see a user's gallery page.
* DMs: can not initiate a DM to a non-shy member (other shy members
OK).
The photo upload limit for user profiles is raised from 24 to 100.
The bug about Filesize not saving to the database for Photos and
CommentPhotos (storing zeroes in the DB) has been fixed. Run the
`nonshy backfill filesizes` to populate your existing database.
* For admins, make it a specific opt-in filter for the Site Gallery to
show all pictures regardless of friendship or grant (for moderation
purposes). On this view, Like and Comment buttons are taken away.
Non-admins are not shown the option and the back-end ignores the
parameter for them.
* Fix user avatars on compose and admin actions page.
* Add ability to unlock your private photos for others.
* Link to unlock is on another user's Photos page.
* You can also access your "Manage Private Photos" page in the User Menu
or Dashboard and add a user by username.
* See who you have granted access, and see users who have granted you
access to their private photos.
* Private photos of users who unlocked them for you may appear on the Site
Gallery if the photo allows.
* Add new filters to the Site Gallery: you can choose to filter by Explicit,
limit to a specific Visibility, and order by Newest or Oldest. Non-explicit
users do not get a filter to see explicit content - they must opt-in in
their settings.
* Bugfix: Site Gallery was not correctly filtering Explicit photos away from
users who did not opt-in for explicit!
* On Forums landing page, show who was the most recent commenter on each
board's most recently updated post.
* Show photo count on Profile Pages on the "Photos" tab.
* Revise the mobile and tablet top nav bar:
* Always show small badge icons linking to the Site Gallery & Forum
* Always show Friends & Messages badges. If no new notifications, they
display as grey instead of yellow w/ a number.
* Put icons next to most nav bar items, especially the User Menu
* Tighten the sprawling page layouts in the Forums to be more compact
for mobile screens.
* Fix bug where some pages scrolled horizontally on mobile: the root cause
was divs with class="content p-2", needs minimum p-3 (but p-4 is used) to
provide enough padding to overcome column margins which were pushing the
page too wide on mobile.
Finish implementing the basic forum features:
* Pinned threads (admin or board owner only)
* Edit Thread settings when you edit the top-most comment.
* NoReply threads remove all the reply buttons.
* Explicit forums and threads are filtered out unless opted-in (admins
always see them).
* Count the unique members who participated in each forum.
* Get the most recently updated thread to show on forum list page.
* Contact/Report page: handle receiving a comment ID to report on.
Implement Likes & Notifications
* Like buttons added to Photos and Profile Pages. Implemented via simple
vanilla JS (likes.js) to make ajax requests to back-end to like/unlike.
* Notifications: for your photo or profile being liked. If you unlike,
the existing notifications about the like are revoked.
* The notifications appear as an alert number in the nav bar and are read
on the User Dashboard. Click to mark a notification as "read" or click
the "mark all as read" button.
Update DeleteUser to scrub likes, notifications, threads, and comments.
* Friends: can now see your sent requests awaiting approval too.
* Site Gallery: you may see Friends-only photos on the Gallery if you are
friends with the owner and the pic is opted-in for the Gallery.
* Site Gallery: show color coded visibility icons in card headers.
* Improve appearance of Upload Photo page.
* Update FAQ
* Add setting to mark profile as "private"
* If a profile is private you can't see their profile page or user photo
gallery unless you are friends (or admin)
* The Site Gallery never shows pictures from private profiles.
* Add HTML5 drag/drop upload support for photo gallery.
* Suppress SQL logging except in debug mode.
* Clean up extra logs.
* Add photo upload quotas.
* Non-certified users can upload few photos; certified users more
* Fix foreign key issues around deleting user profile photos for psql
Implement block lists. They work like friend lists but are unidirectional,
but take effect in both directions (blocker and blockee can not see one
another on the site -- except admin users can always see all users).
* Profile page says 404
* User gallery says 404
* User search page filters out blocked users
* Compose endpoint blocks sending messages to blocked users (except admin)
* Site Gallery filters photos by blocked (and uncertified) users
* Inbox page hides chat list for blocked users (can still read the chat
history if you have a link to the old thread)
* Add "forgot password" workflow.
* Add ability to change user email address (confirmation link sent)
* Add ability to change user's password.
* Add rate limiter to deter brute force login attempts.
* Add user deep delete functionality (delete account).
* Ping user LastLoginAt every 8 hours for long-lived session cookies.
* Add age filters to user search page.
* Add sort options to user search (last login, created, username/name)
* Add "Site Gallery" page showing all public+gallery member photos.
* Add "Certification Required" decorator for gallery and other main pages.
* Add the Certification Photo workflow:
* Users have a checklist on their dashboard to upload a profile pic
and post a certification selfie (two requirements)
* Admins notified by email when a new certification pic comes in.
* Admin can reject (w/ comment) or approve the pic.
* Users can re-upload or delete their pic at the cost of losing
certification status if they make any such changes.
* Users are emailed when their photo is either approved or rejected.
* User Preferences: can now save the explicit pref to your account.
* Explicit photos on user pages and site gallery are hidden if the
current user hasn't opted-in (user can always see their own explicit
photos regardless of the setting)
* If a user is viewing a member gallery and explicit pics are hidden, a
count of the number of explicit pics is shown to inform the user that
more DO exist, they just don't see them. The site gallery does not do
this and simply hides explicit photos.
* Add the user photo gallery for profile pages. Paginated, grid or full (blog
style) view options. In grid view clicking a photo opens a large modal to
see it; full view already shows large photos.
* Edit page: can also re-crop and set an existing pic to be your profile pic.
* Delete page: remove photos from the DB and hard drive.
* Photos are cleaned up from disk when not needed, e.g. during a re-crop the
old cropped photo is removed before the new one replaces it.
* Fixed bug with cropping pictures.