* Add a user privacy setting so they can gate who is allowed to share private
photos with them (for people who dislike unsolicited shares):
* Anybody (default)
* Friends only
* Friends + people whom they have sent a DM to (on the main website)
* Nobody
* Add gating around whether to display the prompt to unlock your private photos
while you are viewing somebody's gallery:
* The current user needs at least one private photo to share.
* The target user's new privacy preference is taken into consideration.
* The "should show private photo share prompt" logic is also used on the actual
share page, e.g. for people who manually paste in a username to share with.
You can not grant access to private photos which don't exist.
* Improve the UI on the private photo shares page.
* Profile cards to add elements from the Member Directory page, such as a
Friends and Liked indicator.
* A count of the user's Private photos is shown, which links directly to
their private gallery.
* Add "Decline" buttons to the Shared With Me page: so the target of a private
photo share is able to remove/cancel shares with them.
* Add an AboutUserID field to feedbacks, so when the report is about a
picture that is later deleted, the feedback can still link to the
original owner's account instead of showing an error.
* Add filters to the User Notes page so the admin can see:
* All feedback From or About the user or their content (default)
* Feedback created by the user
* Feedback about the user or their content
* Fuzzy search for any feedback containing the user's name.
* On chat room reports: make the @channel ID a clickable user profile
link for convenience.
Certification Required page:
* Show helpful advice if the reason for the page is only that the user had
deleted their default profile pic, but their account was certified.
Batch Photo Delete & Visibility:
* On user galleries, owners and admins can batch Delete or Set Visibility on
many photos at once. Checkboxes appear in the edit/delete row of each photo,
and bulk actions appear at the bottom of the page along with select/unselect
all boxes.
* Deprecated the old /photo/delete endpoint: it now redirects to the batch
delete page with the one photo ID.
Misc Changes:
* Notifications now sort unread to the top always.
* Profile pictures on profile pages now link to the gallery when clicked.
* Admins can no longer automatically see the default profile pic on profile
pages unless they have photo moderator ability.
* Photo view counts are not added when an admin with photo moderator ability
should not have otherwise been able to see the photo.
* Add chat moderation rules to the website, so admins can apply selective rules
to problematic users. Available rules are:
* redcam: user's camera is always NSFW.
* nobroadcast: user can not broadcast their camera.
* novideo: user can not broadcast OR watch any video.
* noimage: user can not share OR see any shared image on chat.
* The page to manage a user's active rules is available on their admin card of
their profile page. When the user has rules active, a yellow counter is shown
by the link to manage their rules.
* Only chat moderator admins have access to the page or can see the yellow
counter to know whether rules are active.
* "Shy Accounts" are now permitted on the chat room! With some moderation rules
automatically applied to them: novideo,noimage.
* Update the Shy Account FAQ and messaging on the chat landing page.
* Update the auto-kick from chat behavior regarding shy accounts:
* They are kicked from chat only when an update to their profile settings will
transition then FROM a non-shy into a shy account.
* For example: when saving their profile settings (going private) or when
editing or deleting a photo (if they will have no more public photos left)
* Add a world cities database with type-ahead search on the Member Directory.
* Users can search for a known city to order users by distance from that city
rather than from their own configured location on their settings page.
* Users must opt-in their own location before this feature may be used, in order
to increase adoption of the location feature and to enforce fairness.
* The `nonshy setup locations` command can import the world cities database.
* Add support for Web Push Notifications when users receive a new Message or
Friend Request on the main website.
* Users opt in or out of this on their Notification Settings. They can also
individually opt out of Message and Friend Request push notifications.
* Remove the ability for regular (non-admin) users to search the Member
Directory for non-certified profiles.
* Profiles who don't certify can be a risk to contact, as the likelihood
of fake pictures and scams/spam is much higher.
The nonshy website is changing the policy on profile pictures. From August 30,
the square cropped avatar images will need to be publicly viewable to everyone.
This implements the first pass of the rollout:
* Add the Public Avatar Consent Page which explains the change to users and
asks for their acknowledgement. The link is available from their User Settings
page, near their Certification Photo link.
* When users (with non-public avatars) accept the change: their square cropped
avatar will become visible to everybody, instead of showing a placeholder
avatar.
* Users can change their mind and opt back out, which will again show the
placeholder avatar.
* The Certification Required middleware will automatically enforce the consent
page once the scheduled go-live date arrives.
Next steps are:
1. Post an announcement on the forum about the upcoming change and link users
to the consent form if they want to check it out early.
2. Update the nonshy site to add banners to places like the User Dashboard for
users who will be affected by the change, to link them to the forum post
and the consent page.
Always filter for certified members unless the user specifically
searches for non-certified or "all users".
Admin searches for banned/disabled also search all users.
* Inner circle: users have the ability to remove themselves and can avoid being
invited again in the future.
* Admin actions: add a "Reset Password" ability to user accounts.
* Admin "Create New User" page.
* Rate limit error handling improvements for the login page.
* Add a transparency page where regular user accounts can list the roles and
permissions that an admin user has access to. It is available by clicking on
the "Admin" badge on that user's profile page.
* Add additional admin scopes to lock down more functionality:
* User feedback and reports
* Change logs
* User notes and admin notes
* Add friendly descriptions to what all the scopes mean in practice.
* Don't show admin notification badges to admins who aren't allowed to act on
those notifications.
* Update the admin dashboard page and documentation for admins.
Users whose accounts are no longer eligible to be in the chat room will be
disconnected immediately from chat when their account status changes.
The places in nonshy where these disconnects may happen include:
* When the user deactivates or deletes their account.
* When they modify their settings to mark their profile as 'private,' making
them become a Shy Account.
* When they edit or delete their photos in case they have moved their final
public photo to be private, making them become a Shy Account.
* When the user deletes their certification photo, or uploads a new cert photo
to be reviewed (in both cases, losing account certified status).
* When an admin user rejects their certification photo, even retroactively.
* On admin actions against a user, including: banning them, deleting their
user account.
Other changes made include:
* When signing up an account and e-mail sending is not enabled (e.g. local
dev environment), the SignupToken is still created and logged to the console
so you can continue the signup manually.
* On the new account DOB prompt, add a link to manually input their birthdate
as text similar to on the Age Gate page.
* Delete all change logs AboutUserID on account deletion, and export
them in the data export zip.
* Log admin changes to ban/admin status of other users.
* Log user deactivations/reactivations and deletions (self serve or
admin deletion).
* Add a Search page to the forums to filter by user ID and find threads and
replies matching your search terms, with "quoted phrases" and -negation
support.
* On user profile pages, add an "Activity" box showing statistics on their
forum threads/comments, likes given/received, photo counts, etc.
* On the "Newest" and Search page for Forums: show an indicator whenever a
post includes an attached photo.
* Add a way for users to temporarily deactivate their accounts, in a
recoverable way should they decide to return later.
* A deactivated account may log in but have limited options: to
reactivate their account, permanently delete it, or log out.
* Fix several bugs around the display of comments, messages and
forum threads for disabled, banned, or blocked users:
* Messages (inbox and sentbox) will be hidden and the unread indicator
will not count unread messages the user can't access.
* Comments on photos and forum posts are hidden, and top-level threads
on the "Newest" tab will show "[unavailable]" for their text and
username.
* Your historical notifications will hide users who are blocked, banned
or disabled.
* Add a "Friends" tab to user profile pages, to see other users' friends.
* The page is Certification Required so non-cert users can't easily
discover any members on the site.
